
Users offered ad tracking choice

Wednesday, March 12, 2008

TalkTalk website
TalkTalk customers will get chance to decide if they want targeted ads
Broadband provider TalkTalk has confirmed that it will allow customers to 'opt in' to Phorm's controversial new advertisement system.

TalkTalk is one of three UK ISPs to sign up to the Webwise service which sees users' surfing habits tracked.

It has decided not to offer the service by default but rather to allow users to choose whether they want it.

It follows 1,000 people signing a Downing Street online petition saying the system breaches customer privacy.

"We will be endorsing and recommending take-up of the system but we want to ensure that customers make their own decision," said a spokesman for TalkTalk.

It believes that there is a two-fold benefit for customers.

"We feel customers will welcome the opportunity to get fewer irrelevant advertisements as well as benefit from the real-time anti-phishing alerts," he said.

Behavioural advertising

Jeremy Clarkson in a car
Fans of Top Gear website will get motoring ads

Phorm works by placing a cookie on a user's machine that contains a randomised identifying number. That cookie tracks websites visited and draws conclusions about a user's behaviour in order to target more relevant adverts.

So, for example, someone who often visits the Top Gear website is likely to be served motoring advertisements.

The controversy over the system surrounds the fact that ISPs are "selling" information about users on to a third party.

Phorm, the US company behind the system, is keen to stress that the data it collects is 100% anonymous and no profile of the user is ever created, so that no-one could "reverse engineer" the information in order to establish identity.

Campaigner Simon Davies was asked to assess its privacy measures as part of the work he does for privacy start-up 80/20.

He believed the system "advances the whole sector of protecting personal information by two or three steps", although he was not sure that the public was ready to buy into behavioural advertising.

The fact that TalkTalk has decided to let consumers choose whether they want to sign up to the service is likely to be a blow for Phorm, thinks Nate Elliott, an analyst with Jupiter Research.

"Ideally Phorm would like to have automatic access to all users but TalkTalk has gone for the safe option of opt-in which could limit the number of consumers," he said.

For ISPs desperate to retain customers, entering the untested world of behavioural targeted advertising is "scary", said Mr Elliott.

"If ISPs do something that consumers see as a violation of their privacy then they will simply change provider."

Kent Ertegrul, chief executive of Phorm, told the BBC News website that he was confused about why the issue of opt-in versus opt-out was causing so much controversy.

"There is no way of not knowing that this is switched on. There is a clear choice offered to consumers and I am surprised that there has been so many questions about this. I find it a bit bizarre," he said.

For him the service is a win-win for consumers.

"Having advertising behind it allows for better, cheaper broadband," he said.

BT will start a trial of the Webwise system this month and said that it would be offering it as an opt-in service in so far as it would be inviting 10,000 broadband customers to trial it.

"We will look at the findings of the trial before we make a decision on how to go about a more widespread deployment," said a spokesman.

He believes that the anti-phishing tools will attract customers concerned by online safety although he stressed that other security measures would still be in place for customers who did not want to use the system.

Automatic access

He also said that triallists wishing to sign up to the system would have to agree to new terms and conditions. The details of this have not yet been finalised but it would not be a "material change", said the spokesman.

Virgin Media is also due to trial the system later in the year and is happy that it does not breach any existing privacy legislation.

"We have had a few customers get in touch with privacy concerns but these have been fairly comprehensively addressed by answers from Phorm," said a spokesman.

He believes the system sets a "new standard" in targeted advertising and is not convinced that there is any foundation for concern.

"Google and Hitwise manage and manipulate data and people generally don't have an objection to that," he said.

How the system was to be rolled out to Virgin Media customers was yet to be decided, he added.

"Deployment is months away but we will make sure that people know what it is about and exactly how it will work."

ISPs entering the lucrative world of online advertising could receive a big revenue boost. Proceeds from the advertising platform being set up by Phorm - known as the Open Internet Exchange - will be shared with any ISPs that sign up.

Some analysts predict that the deal could generate millions of pounds annually for BT and other ISPs but not everyone is so optimistic.

"Our figures show that only 10% of online advertisers currently use behavioural targeted ads," said Mr Elliott.

Source from: news.bbc.co.uk

Phorm: Your questions answered

The controversial online advertising company Phorm has come under fierce criticism for its tool that tracks users' online surfing habits.

Q: What transparency is there? How can I check that Phorm is doing exactly what it claims it is doing? If I opt out, how can I assure myself that the opt out means just that - my data is not being harvested at all?

A: The claims we make as regards our systems, policies and procedures are regularly audited by the privacy audit department of Ernst & Young. But perhaps more importantly, our ISP partners take their customers' privacy very seriously and they have conducted immense due diligence on our technology and internal controls.

Q: Given Phorm's history (as 121media) in the murky world of adware and spyware, how can we trust it today? Why should we trust it?

A: It's true that we have a background in adware, not spyware. Part of the reason we decided to get out of the adware business was because we realised it was very difficult for people to distinguish between the two. We also think that we should be judged on our transparency and our actions. Firstly, when we realised the desktop model was taking us away from our core vision for the business of personalising the internet, we took the unprecedented step of shutting the desktop business down: voluntarily, transparently and under no pressure from anyone else. It was our choice and one that meant we cut ourselves off from revenues of $5-6 million a year in order to concentrate on developing a network-based solution, where we find ourselves today.

Q: What fees (or other gifts/gratuities) were paid to Simon Davies and Gus Hosein when they were "invited" to assess Phorm's privacy protection measures? Does Phorm, or any of its directors, agents or employees have any interests in 80/20 Thinking?

A: Phorm, its directors, agents or employees have no interests whatsoever in 80/20 Thinking. 80/20 Thinking is a consulting business founded and run by Managing Director Simon Davies, who is also a director of Privacy International, one of the leading privacy advocacy bodies. Phorm has retained 80/20 Thinking to conduct a Privacy Impact Assessment on its technologies, systems and policies and we will work with them on an ongoing basis throughout the year. We chose 80/20 Thinking because Simon Davies has spent the best part of thirty years championing consumer privacy and railing against infringements. We wanted our systems and policies to be open to the kind of unforgiving scrutiny Simon brings.

And yes, 80/20 Thinking does charge for its services, as conducting audits takes time and resources.

A: No, we do not modify web pages or inject ads. We only serve ads to the websites we partner with. In order to participate, websites have to insert a tag into their own page. If you have opted out, you will still see ads as you browse - just as you do today - but they won't be from the OIX and they won't be relevant to your browsing.

Q: Would they consider hiring an external agency to audit the provisions for opt-out?

A: Yes. We already have an external auditor -- Ernst & Young, and 80/20 Thinking is conducting a Privacy Impact Assessment, but we would welcome suggestions for additional auditing.

A: Most people have a separate login if they are sharing a computer and they will therefore have a separate random number. But also, advertisers using our system can choose to show ads based on the page they are visiting, recently visited, or a longer term basis. Only the last of these would be affected if the computer and the login were shared, so this scenario is possible but not that likely. If the person really wants to hide a surprise, they can switch Webwise off!

Q: I would like to better understand the strict demarcation of ownership of equipment to be installed in the ISP to really understand the full content of the stream received at the point of entry to equipment under the control of Phorm. Bloggers purporting to be from BT claim that this is the FULL browsing (HTTP - port 80) stream with IP addresses obfuscated in some way. Is this true? And if so, what safeguards over employee recruitment do Phorm have since they will be in an extremely powerful and trusted position, being able to read 10m people's web traffic?

A: No, this is not true. IP addresses are not passed in any form, even obfuscated, to Phorm. All that is passed is a limited digest of page data from each navigation. This data is never stored on disk and is immediately deleted from memory as soon as a product category match has been made.

Q: The same report also mentions detailed (but anonymous) logs that will be removed from the closed loop onto Phorm servers and kept for up to 14 days. Why do they need these logs since the very thing that impressed 80/20 was the lack of need to store detailed personal information nor remove it from the closed loop?

A: The logs mentioned in the E&Y audit report concern system health and error logs, not anything to do with users.

Q: Do Phorm intend to resell any data, such as "clickstream" trends, perhaps even split by demographic, and if so, are they aware of the possibility that this data would be "de-anonymized" as reported on TechCrunch and numerous sites with the AOL and Netflix "anonymous" releases?

A: Clickstream data is never stored. Therefore it cannot be sold on or 'deanonymised'. The AOL / Netflix situation cannot occur because the clickstream data has been deleted in real time as the page loads.

Q: Even if you do opt out your web traffic will still be intercepted and analysed, you just won't see the ads. Is this true?

Q: Plus how will Phorm serve you the "correct" ads unless the traffic they have analysed can be traced back to your computer / IP address. Either Phorm are connected or they aren't, in which case the system can't work. Just replacing the IP with a "unique ID" doesn't make Phorm unconnected if there is a direct relationship between the two.

Q: You may be able to select to opt out of the adverts however BT will still be passing your personal and private information to Phorm, this will include the content of all emails you view online that are not covered by a secure connection (SSL).

Q: What safeguards are there to ensure that in the future Phorm doesn't alter or add to the amount and types of information/data is passed to and

The keynote is transparency: we will communicate any changes and our claims will continue to be subject to external scrutiny by formal audit, partner due diligence, customer vigilance and media interest.

Q: Does the opt out from Phorm satisfy the Data Protection act's provision that individuals can write to the Data Controller of the ISP in writing

The ISP will not be passing any personal information to Phorm. We do not tie into their authentication systems or use any subscriber information.

Q: And does the service ever modify information you receive via http that might not be a web-page, i.e. is it possible for it to accidentally break

We operate a whitelist of user-agents corresponding to major browsers (e.g. Firefox, IE, Opera). Other user-agents are ignored.

A: This isn't inconsistent. The Profiler is owned by the ISP. If someone opts out no data is passed from the ISP to Phorm.

Q: However, I would like to know who provides the software for the "Profiler" and if it's not written by the ISP, how does the ISP check that it does what it's meant to?

A: Phorm provides the software for the profiles, just like Cisco, for example, provides software for an ISP router. The ISP can see exactly what data is being passed in and out of its systems and has complete control over it.

Q: I still want answers to my cookie question. Part II Section 11 "Right to prevent processing for purposes of direct marketing". Is this direct marketing - well as is clear to all concerned there HAS to be some link between the profile and the target computer else the ads would not get served. Opt out by cookie is insufficient in my mind.

A: It's important to understand there are two distinctly separate processes in the Phorm system: data capture and ad serving. The data capture system only stores one item of information on your computer -- a random number. The random number is the only thing that distinguishes your browser from the millions of others on the internet. It does not contain any information about you or your computer. The only person able to make that connection is you, as you have that cookie in your browser.

As you browse your browsing behaviour is matched against pre-defined advertiser categories for everyday products eg travel or sport.

No urls, browsing histories or IP addresses are retained and the raw data used to make the match is deleted in real time - by the time the page loads. There is, in essence, no data other than the categories and the random number stored in the system and so it's impossible to know (or indeed reverse engineer from that) who you are or where you've been.

In the ad serving phase, when your computer requests an advert from the OIX (because a website has included our tag in their page), the browser sends the random number and the categories are used to deliver the targeted ad, not the details of your browsing, or anything about you or your computer.

If you clear your cookies regularly or if you'd like to ensure that Webwise is permanently switched off, simply add "www.webwise.net" to the Blocked Cookies settings in your browser.


Source from: news.bbc.co.uk

Private data, public interest?

Saturday, March 1, 2008

The use of material taken from personal profiles on social networks by newspapers is to be the subject of a major consultation undertaken by industry watchdog the Press Complaints Commission (PCC).

This comes in the wake of increasing numbers of newspaper stories that include images and text taken from sites like Bebo, MySpace and Facebook.

But the subjects of press reports are not always happy with the use of content they have uploaded.

Tim Toulmin, director of the PCC, in an interview with BBC Radio 4 says the organisation was getting complaints from people about material, "that is being republished when they themselves are the subject of news stories".

Mr Toulmin says it would be useful to establish principles to guide the press in their use of social network content.

"It's down to the PCC to set the boundaries in a common sense way about what sort of information it is acceptable to re-publish," he says.

To that end the PCC has commissioned research by Ipsos MORI into public attitudes.

The newspaper watchdog wants to discover if people are aware that material they upload could be used in newspaper reports.

Public or private?

There has been some public resentment of the use of social networks by the press.

Woman taking photo with mobile phone, BBC
People may post less information if they knew journalists might use it

More recently in the UK, media interest in the spate of suspected suicides among young people in Bridgend has led some in that community to express concern about the way social network profiles were being used by journalists.

Bridgend Welsh Assembly Member Carwyn Jones, said: "It does raise questions of the sensitivity of publishing those photographs for the world to see."

Local MP, Madeleine Moon went further saying that some in the community had complained of reporters posing as young people on social networking sites in order to obtain quotes.

Ms Moon, who has spoken with the PCC, stressed she had no evidence to substantiate these claims, but she did feel that there was a clear need for guidelines for the press.

But the wider issue of how reporters should use information taken from social networks is far from clear-cut.

Taking a photo from a social networking site is, some argue, a less traumatic way of obtaining images and personal detail, than a reporter visiting the home of a grieving family. Digital door-stepping can be much less intrusive than the real thing.

Mr Toulmin says the matter is one of degree: journalists do have a right to use publicly accessible content and the public have responsibilities when they post it.

And many who publish to social networks, in Mr Toulmin's view, do not regard that information as private but actively want to share the information.

He said: "Half the charm is accumulating as many people as possible to be their friends...there will then be an argument about the extent to which you yourself are concerned about people knowing that information."

Similarly if information is already in the public domain there would be little point in denying the press access.

Clear case

Mr Toulmin also believes any new guidelines should not prevent the press reproducing content clearly in the public interest to publish.

The PCC has already ruled to this effect. It supported the right of a local newspaper to enter an online community undercover and to republish an image found there, because the complainant, a police officer, was the subject of a criminal investigation.

Memorial service at Virginia Tech, Getty
Some papers covering the Virginia Tech shootings used information from social sites

"They will I think be forced to go further in educating people," he says.

Guidance from the PCC will only apply to newspapers.

With the most popular blogs surpassing the circulation of many local papers, and competing effectively for advertising revenue, this is not a small concern.

Mr Toulmin acknowledges this is important, but adds: "The press do have obligations over and above those that govern the online community."

But not everyone in the media shares that view: Bob Satchwell, director of the Society of Editors, thinks the press should be subject to no greater regulation than the public.

Says Mr Satchwell: "Traditional media is already regulated in various ways; broadcasting by the statutory regulation, the press by the PCC, so there are far greater constraints on traditional journalists and media than there are on the wider public, so called 'citizen journalists' and bloggers."

However, there are some restrictions that apply to all who use social network content.

The British Journal of Photography in a recent article concludes that publication of images on social networks does not automatically grant rights to republish photographs elsewhere.

In the end copyright law may resolve part of this issue, if the deliberations of the PCC do not.

Source from: news.bbc.co.uk

Net news 'threatens court cases'

Tuesday, February 19, 2008

Lord Falconer
Lord Falconer believes the actions would only need to be temporary
Articles relating to high-profile court cases should be removed from online news archives, the former Lord Chancellor has told the BBC.

Lord Falconer believes the action is necessary to avoid news stories written before a case influencing its outcome.

Action would be necessary for around 20 cases a year, he said, in trials which attract a lot of pre-trial coverage.

The Attorney-General would have to be responsible for identifying cases that could be affected, he said.

"I think the state needs to be better at identifying those cases in which they think there's a contempt risk," he told BBC Radio 4's Law in Action programme.

The rules would only apply to cases, such as the Soham murders, which generate intense media interest.

News organisations would have to remove stories from their archives that were written before an arrest was made and a case became active.

If they refused to comply "it would be very strong evidence they'd committed contempt", he said.

History search

Under the Contempt of Court Act 1981, reporters must be careful not to publish or broadcast anything which poses a "substantial risk of serious prejudice" to a fair trial, such as a defendant's previous convictions unless they are mentioned in open court.

The restrictions apply when a case becomes "active", that is when a warrant is issued for a suspect, an arrest is made or charges are brought.

But a journalist may have legitimately reported this information before the individual was arrested and faced trial, and that article could lie in vast online archives that are easy to access.

Charles Collier-Wright, group legal manager at Trinity Mirror, said taking down story archives would present news organisations with serious practical difficulties:

"I think it would be absurd if anyone seriously argued that newspaper archives should be removed just for fear that somebody might go and do a bit of research on them in relation to a case that might be coming up," he said.

"Newspaper information has always been accessible to anyone who really wanted to do it - you can go to libraries and find it out."

Lord Falconer says articles should only be removed for a temporary period, in the run-up to and during a court case, and that search engines should also be asked to ensure prejudicial material doesn't come up at the top of search results lists.

He also denies that the scheme could be seen as changing history.

'Conviction quashed'

Lord Falconer's intervention comes as concern increases about the role of the internet for the criminal justice system.

"By the click of the button you can go on to the internet and get access to the press coverage there may have been at the time the person on trial was arrested," Donald Findlay QC, one of Scotland's leading barristers, told the BBC.

The internet presented a potentially big problem for the criminal justice system across Britain, he said.

"That might disclose all sorts of speculation about the circumstances of the crime, all sorts of information you are not supposed to have if you're serving on a jury."

Prejudicial material can be easy to come by, appearing all over the web - on blogs and discussion boards, for example.

As a result, Catrin Turner, a partner and online law specialist at solicitors Pinsent Masons, said removing a web page wouldn't necessarily remove the problem.

"Websites are hosted on servers all over the world," she explained.

"If one hoster is ordered to remove information because it is in contempt, it is very easy for that information to pop up on another website.

"There is also something called caches: invisible copies of content are stored in separate places on the internet, so even if content is taken down from a website, there may still be these caches or stores of information which can be accessed."

Judges do warn juries against doing their own research on the internet, but media barrister Rupert Elliott said there was concrete evidence that the temptation is difficult to resist:

"In a 2005 rape case, at the end of the trial some downloaded material from the internet was found in the jury room, which essentially encouraged uncritical acceptance of evidence from a rape victim.

"In that case, the Court of Appeal was so concerned about its content that they quashed the conviction," he said.


Source from: news.bbc.co.uk

Facing the future Facebook style

Sunday, February 17, 2008

Screenshot of Facebook
Facebook has become so influential it is bound to create headlines
Regular commentator Bill Thompson ruminates on the inevitability of Facebook being in the news in 2008

It might just manage to avoid upsetting its users with new services such as Beacon, the misjudged advertising feature that told your friends about your purchases.

It might spot fake profiles of famous people, like the two Bilawal Bhutto entries that fooled both Facebook and some newspapers, and remove them before they get noticed.

And it could even avoid falling victim to one of the frauds that are likely to be perpetrated against users of all social network sites.

But even if Facebook is lucky it will still get a lot of coverage.

Because during 2007 it became the social site of choice for journalists, politicians, bloggers and others who see MySpace as for the kids and LinkedIn as too business-oriented for friends.

Face off with blogger

It also means that when Facebook is directly involved in a story then it will be bigger than it may otherwise have been.

We saw this recently in the fuss over the site's treatment of Robert Scoble, one of the more significant technology bloggers and a former Microsoft employee and evangelist.

Scoble, who has complained that Facebook limits him to 'only' 5,000 online friends, used a program to read each name, e-mail address and date of birth and import them into another social service, Plaxo Pulse.

When you sign up for Facebook "you agree not to use the Service or the Site to harvest or collect e-mail addresses or other contact information of other users from the Service or the Site by electronic or other means for the purposes of sending unsolicited emails or other unsolicited communications".

Since Scoble was using an automated script to harvest addresses he was clearly breaking this condition, so Facebook suspended his account just as it would for any other user.

Data issues

However Scoble is an A-list blogger so when he wrote about his suspension it generated a storm of comment.

At first people were broadly on his side, criticising Facebook for acting as if it owned his network of contacts.

Others then weighed in, pointing out that the birth dates and e-mail addresses Scoble had taken didn't belong to him but to his Facebook friends, many of whom might not want to be imported into Plaxo without their consent.

Company and blogger have now made up, with Scoble having achieved his goal of enhancing his notoriety and outsider status by standing up for users' right to have access to 'their' data - even when that data is personal information about other people.

And Facebook has backed away from another PR embarrassment, although not without some loss of face since it is unlikely that an unknown accountant from Basingstoke would have been allowed to return after such an egregious breach of the site's rules.

Blurring boundaries

The spat has helped highlight the issue of data ownership and data portability, and may even lead to more careful consideration of who can do what with the information found around the internet.

But it also shows how important Facebook has become as the focal point for any discussion of this type. It is our lightning conductor for many of the issues which are emerging as important in the new, online world, and that will ensure that it will be dragged into stories to make a point, even when it is not directly involved.

Of course the chances are that the site will also merit some coverage because of the way it grows.

In his list of technology predictions for 2008 noted computer scientist Ed Felten includes 'a Facebook application will cause a big privacy to-do', and he's not alone in this belief.

One reason for this is that Facebook founder Mark Zuckerberg comes from the generation that grew up with the network in their lives, for whom the boundaries between offline and online relationships have always been indeterminate and to some extent irrelevant.

Mark Zuckerberg, founder of Facebook
Mark Zuckerberg, part of a new generation of networkers

Zuckerberg's instincts are those of the children who flock to MySpace, Bebo and YouTube, not those of the older users who are now using the tools his company has developed.

This culture clash is an interesting reversal of the old order, in which teenagers would grow into a world defined by their parents and have to learn how to assert their own desires and demands.

Adults going online for the first time are entering a world that has been shaped by the interests, desires and concerns of the younger generation, a world that does not operate according to the rules they have followed in real life.

It is hardly surprising that there are differences of opinion, or that the practices of the various social sites sometimes cause concern for parents, politicians or teachers.

It will be interesting to see whether some compromise can be achieved in the coming months and years, or whether the rapid rate of network development means that even Mark Zuckerberg will end the year complaining that the youngsters are just not behaving responsibly online.


Source from: news.bbc.co.uk

Facing the future Facebook style

Sunday, February 10, 2008

Screenshot of Facebook
Facebook has become so influential it is bound to create headlines
Regular commentator Bill Thompson ruminates on the inevitability of Facebook being in the news in 2008

It might just manage to avoid upsetting its users with new services such as Beacon, the misjudged advertising feature that told your friends about your purchases.

It might spot fake profiles of famous people, like the two Bilawal Bhutto entries that fooled both Facebook and some newspapers, and remove them before they get noticed.

And it could even avoid falling victim to one of the frauds that are likely to be perpetrated against users of all social network sites.

But even if Facebook is lucky it will still get a lot of coverage.

Because during 2007 it became the social site of choice for journalists, politicians, bloggers and others who see MySpace as for the kids and LinkedIn as too business-oriented for friends.

Face off with blogger

The spat has helped highlight the issue of data ownership and data portability, and may even lead to more careful consideration of who can do what with the information found around the internet.

It also means that when Facebook is directly involved in a story then it will be bigger than it may otherwise have been.

We saw this recently in the fuss over the site's treatment of Robert Scoble, one of the more significant technology bloggers and a former Microsoft employee and evangelist.

Scoble, who has complained that Facebook limits him to 'only' 5,000 online friends, used a program to read each name, e-mail address and date of birth and import them into another social service, Plaxo Pulse.

When you sign up for Facebook "you agree not to use the Service or the Site to harvest or collect e-mail addresses or other contact information of other users from the Service or the Site by electronic or other means for the purposes of sending unsolicited emails or other unsolicited communications".

Since Scoble was using an automated script to harvest addresses he was clearly breaking this condition, so Facebook suspended his account just as it would for any other user.

Data issues

However Scoble is an A-list blogger so when he wrote about his suspension it generated a storm of comment.

At first people were broadly on his side, criticising Facebook for acting as if it owned his network of contacts.

Others then weighed in, pointing out that the birth dates and e-mail addresses Scoble had taken didn't belong to him but to his Facebook friends, many of whom might not want to be imported into Plaxo without their consent.

Company and blogger have now made up, with Scoble having achieved his goal of enhancing his notoriety and outsider status by standing up for users' right to have access to 'their' data - even when that data is personal information about other people.

And Facebook has backed away from another PR embarrassment, although not without some loss of face since it is unlikely that an unknown accountant from Basingstoke would have been allowed to return after such an egregious breach of the site's rules.

Blurring boundaries

The spat has helped highlight the issue of data ownership and data portability, and may even lead to more careful consideration of who can do what with the information found around the internet.

But it also shows how important Facebook has become as the focal point for any discussion of this type. It is our lightning conductor for many of the issues which are emerging as important in the new, online world, and that will ensure that it will be dragged into stories to make a point, even when it is not directly involved.

Of course the chances are that the site will also merit some coverage because of the way it grows.

In his list of technology predictions for 2008 noted computer scientist Ed Felten includes 'a Facebook application will cause a big privacy to-do', and he's not alone in this belief.

One reason for this is that Facebook founder Mark Zuckerberg comes from the generation that grew up with the network in their lives, for whom the boundaries between offline and online relationships have always been indeterminate and to some extent irrelevant.

Mark Zuckerberg, part of a new generation of networkers

Zuckerberg's instincts are those of the children who flock to MySpace, Bebo and YouTube, not those of the older users who are now using the tools his company has developed.

This culture clash is an interesting reversal of the old order, in which teenagers would grow into a world defined by their parents and have to learn how to assert their own desires and demands.

Adults going online for the first time are entering a world that has been shaped by the interests, desires and concerns of the younger generation, a world that does not operate according to the rules they have followed in real life.

It is hardly surprising that there are differences of opinion, or that the practices of the various social sites sometimes cause concern for parents, politicians or teachers.

It will be interesting to see whether some compromise can be achieved in the coming months and years, or whether the rapid rate of network development means that even Mark Zuckerberg will end the year complaining that the youngsters are just not behaving responsibly online.


Source from: news.bbc.co.uk

India's greener IT revolution

Indian children are getting online in much greater numbers
The man who helped mastermind India's "green revolution" in agriculture in the 1960s is now hoping to do a similar thing for information technology in the country.

MS Swaminathan was one of the key figures in the plan to make India nearly self-sufficient in food through technology which allowed for intensive farming techniques.

And he is now behind efforts to get India's rural poor online as quickly as possible - through mobile phones, information kiosks and even resource centres, connected through the satellites of the Indian Space Research Organisation.

He told BBC World Service's Digital Planet programme how he is now pioneering efforts to connect as many of the country's population as possible to the internet so that they can be part of a new "knowledge revolution."

"I always said the green revolution helped increase the productivity of wheat and rice and so on - but the knowledge revolution which we have launched increases productivity in all its dimensions," he said.

Cutting bureaucracy

Mr Swaminathan said that the information-centred approach is India's "evergreen revolution" - a perpetual increase in productivity without ecological harm.

He said there is currently a very big gap between "scientific know-how" and "free-level do-how"; one that can only be bridged by IT techniques.

Farming was revolutionised through hybrid grain seeds

He explained that crucially, India's typically tight bureaucracy had in fact been comparatively untroubling.

"Fortunately, in our own work, bureaucracy is not involved," he said.

"In the whole IT sector in India, the reason there was explosive growth was because bureaucracy had very little role.

"The same thing happened in the green revolution - the farmers who did the trick in the 60s - we just gave them the seeds and the technology and they went on.

"Similarly, IT is one area where there is a lot of creative work; there are a lot of systems of empowerment for people. But we can only show the way - the government will have to do the scaling up."

He also stressed that it will be even more significant.

"It will be even more important, because it can impinge on every aspect of human life," he said.

"Health, HIV-Aids, tuberculosis, and even deficiencies in diet. Many of these problems can only be eradicated by education, knowledge, empowerment - the dynamic information at the right time and the right place."

Source from: news.bbc.co.uk

Do you know what they know about you?

Thursday, December 27, 2007

Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. The scandal of the 25 million missing records has highlighted the vulnerability of data.

It is easy to develop a sense of creeping paranoia when you begin to contemplate just how many companies, government departments and other organisations know your personal data.

She said it would be naive to think that an encounter with one organisation means one isolated database is queried. Typically data is gathered from many sources before a decision is reached.

For instance the USVISIT border system, which is consulted when Britons cross from the UK to the US, mines about 30 separate databases as it checks identities.

Ms Gallagher and colleague Peter Bradwell will release their report in early December.

"Pretty much every organisation you engage with day-to-day - from clicking your Oyster card to ordering your take away - means sharing personal information."

That sharing of data, she said, has become entwined with modern life and it was a mistake to think that sharing information so often only has a downside.

Anyone that tries to stop their personal data leaking away often finds they are denied benefits enjoyed by those that are happier to share.

For instance, paying cash for everything will keep your name off credit checking databases. However, without the re-assurance of that check banks and credit card companies may refuse to issue a loan or mortgage.

Data control

And there are a lot of people within companies, government and other organisations that are allowed to use data that can be used to identify you.

According to the 2006/7 annual report from the Information Commissioner there are more than 287,000 data controllers in the UK who have a responsibility for making sure that personal data is used correctly.

Personal data in this sense is information that can be used to identify an individual.

Many of those data controllers will oversee many more who actually do the job of maintaining and expanding the databases holding the data.

And it does not stop there. The web is helping that data take wing and travel farther than ever before.

Government departments are increasingly sharing data

What few people realise, said Ms Gallagher, was that handing over data to one organisation can mean that it reaches many others and becomes an entry on the database they maintain.

"There is no awareness of what happens to that data when you give it away," said Ms Gallagher.

"It is not so much the organisations with which you willingly share data," she said, "it is where it goes after that."

Many organisations that collect data, such as credit checking agencies, were under commercial pressure to widen the scope of what they collect, said Ms Gallagher.

No longer are firms just interested in the basic facts about you - now what matters as much as what type of credit card you own is when you go shopping, which stores you visit and what you buy.

That pattern holds as much information as the raw facts about you - it helps companies decide which socio-economic bracket to put you and how to go about tailoring marketing to fit you and your lifestyle.

Watching them

Surveillance and the collection of data about people has become so pervasive that it has spawned a dedicated research organisation - the Surveillance Studies Network.

Dr Kirstie Ball, a senior lecturer at the Open University, said that although many social scientists had studied the subject for years the pervasiveness of that scrutiny was prompting an upsurge of interest.

"That personal data held by every organisation you interact with runs the parameters of your existence, your consumption, your entitlements," she said.

Almost every time you fill in a form the data makes it to a database

"We're all interested in the collection and application of personal data and its consequences for individual rights and social science concepts such as trust and discrimination," said Dr Ball.

"It merits study and understanding because its consequences can be tangible," she said.

For instance, she said, an employee ticking the wrong box when they enter your data into a database could mean a person ends up labelled as a former criminal or credit liability.

It is possible to ask to see the data that companies and organisations hold about you, but a very small number of people take up this opportunity to vet what is known about them. Making sure all of it is accurate would be a mammoth task.

For Ms Gallagher at Demos beefing up the power of the Information Commissioner to enforce the Data Protection Act would help redress some of the imbalance between the data companies hold about us.

"Organisations and companies should be responding to the way we live," she said.

Only by using those powers will the creeping spread of that data be stemmed.

"You are not going to get people complying with data protection on the basis of good will," she said. "Data is just too valuable."

Her Majesty's Revenue and Customs has set up a Child Benefit Helpline on 0845 302 1444 for customers who want more details.

Source from: news.bbc.co.uk

How firms and fraudsters deal in data

    Wednesday, December 26, 2007

    Organisations should have policies that govern who does what with data

    The information lost by the HMRC could prove very valuable to fraudsters, computer security experts say.

    "In the fraud underworld the quality of data directly impacts the flexibility with which they can use it," said Andrew Moloney, financial services market director for RSA Security.

    There was no evidence yet that the data was being talked about or sold on the fraud boards and net markets that his company monitors, he said.

    However, most vendors of stolen data rarely mention where they got it from. Instead, they typically only mention its quality.

    Mr Moloney said there was a well-established chain of buyers and sellers who can handle large amounts of data and pass them on to those that wish to use them to commit fraud.

    Safeguarding data

    "That's partly grown up to protect the anonymous individuals involved," he said, "and partly because we have seen specialisms develop with individuals finding their own niche in that underground economy."

    What also made the data attractive to fraudsters, said Mr Moloney, was that much of the data in it, such as names of children and birth dates, cannot be changed and will be valuable if it reaches criminals in the next week or the next year.

    "Once it's compromised it is compromised for the long term," he said.

    With computerised databases long established in large organisations, a series of policies and practices has grown up to safeguard the sensitive data they contain - in theory.

    In the front line of these safeguards are the strictures laid down by the Data Protection Act which is policed by the Information Commissioner.

    The Act details what workers can and cannot do with sensitive data and how it must be treated as well as what staff should do to ensure it is not compromised.

    In a statement issued after the HMRC data loss was made public Richard Thomas, the information commissioner, said his organisation was already investigating two other breaches at the government department.

    Data commandments

    "Searching questions need to be answered about systems, procedures and human error inside both HMRC and the National Audit Office," said Mr Thomas.

    Much of the lost data, such as birth dates, cannot be changed

    Beyond data protection laws most organisations develop their own policies which govern how staff should treat such sensitive information, said Paul Simmonds, a board member of the Jericho Forum - a trade association for IT security bosses at the world's largest organisations.

    He said the Jericho Forum had developed a series of "commandments" which organisations should strive to live up to. They detail what organisations should do to ensure data is used appropriately.

    They cover such things as levels of security for different types of data; authentication to ensure data use is appropriate and how to share responsibilities for safeguarding information.

    "The Jericho Forum has long stated that data must be properly protected, both in transit and at rest," said Mr Simmonds. "Effectively this means sensitive data must always be encrypted.

    "This data loss is just another in a long list of organisations who ignore basic security principles," he added.

    Shore up defences

    Paul Davie, head of database security firm Secerno, said many companies were turning to technology to help shore up their defences.

    Security systems that oversaw interaction between a database and its users helped to do more than just stop bad guys from the outside stealing data, he said.

    There are many places online where data is bought and sold

    "They want to understand the way the database is being queried by authorised users and what counts as normal use," said Mr Davie.

    "The technology is there to detect unusual behaviour such as a junior downloading huge amounts of data," he added.

    Evidence suggests that technology has a significant role to play. A University of Washington study released in March 2007 showed that 60% of data breaches were the result of bad practices inside organisations rather than hackers.

    "This is really high quality data," he said.

    Hackers have increasingly targeted databases, he said, because the information inside them was so valuable and well organised.

    By contrast data gathered by other hacker tools such as key logging software installed surreptitiously on PCs that watches what people type can produce reams of information that must be cleaned up before it is useable or saleable.

    Source from: news.bbc.co.uk

    BitTorrent search site loses case

    The film industry is aiming to stop movie piracy
    A website which facilitated the online exchange of films, music and TV programmes without permission has lost a US copyright case.

    TorrentSpy was taken to court by the Motion Picture Association of America.

    A judge made a default ruling in favour of the MPAA after she said the site's operators had tampered with evidence.

    The site had ignored an order to retain server logs and the unique online addresses of computers which traded files using the BitTorrent program.

    The ruling could have personal privacy implications because the information TorrentSpy had been told to retain was held in Random Access Memory of computers.

    Defendants Justin Bunnell, Forrest Parker, Wes Parker and Valence Media originally had argued that their servers were located in the Netherlands and so were protected by Dutch law from having to turn over server logs.

    'Obstreperous' conduct

    The judge then asked for information from the RAM in their computers but the defendants failed in their attempt to argue the data was temporary and therefore could not be retained.

    The defendants' conduct was "obstreperous," Judge Florence-Marie Cooper wrote in her decision.

    "They have engaged in widespread and systematic efforts to destroy evidence and have provided false testimony under oath in an effort to hide evidence of such destruction.

    "A substantial number of items of evidence have been destroyed," she wrote. "Defendants were on notice that this information would be of importance in this case."

    TorrentSpy's lawyer Ira Rothken said his clients had concerns about protecting users' privacy.

    TorrentSpy is expected to appeal Judge Cooper's decision.

    A ruling on damages will happen at a later date.

    The MPAA, which filed the case against TorrentSpy in February 2006, welcomed the ruling.

    "The court's decision... sends a potent message to future defendants that this egregious behaviour will not be tolerated by the judicial system," John Malcolm, the MPAA's executive vice president and director of worldwide anti-piracy operations, said in a statement.

    "The sole purpose of TorrentSpy and sites like it is to facilitate and promote the unlawful dissemination of copyrighted content. TorrentSpy is a one-stop shop for copyright infringement."

    Source from: news.bbc.co.uk

    Government cracks broadband whip

    Tuesday, December 25, 2007

    Few people get the advertised top speed for broadband
    Broadband firms could face formal action if they fail to give consumers accurate information about the speed they will get when they sign up.

    The warning comes from Ofcom as it moves to ensure that net firms do not oversell broadband in advertising.

    Customers should get specific data about the speed on their line or be able to back out of the deal.

    The regulator said new guidelines on the selling of broadband should come into force early in 2008.

    Clear information

    The warning came in a letter sent by Ofcom boss Ed Richards to the Ofcom Consumer Panel in response to its work with broadband suppliers on the advertising and selling of high-speed services.

    In October the panel talked to chief executives at the UK's top six net service firms to find out why consumers often do not get the speeds broadband firms advertise.

    Net firms have been criticised for advertising their services using the phrase "up to" that can give consumers a false sense of the speed they will get when they sign up.

    The Ofcom Consumer Panel said speeds advertised as "up to" a certain level end up being much slower in reality.

    The panel called on Ofcom to set up and administer a mandatory code of practice for net firms.

    Panel chairman Colette Bowe said: "This code would establish agreed processes to give the customer the best information during and after the sales process, and to give them flexibility to move freely to different packages that reflect the actual speeds with which their ISPs are able to provide them."

    The code would let customers know as they sign up about the maximum theoretical speed they can get on their line; provide information about what affects line speed and call customers two weeks after installation to let them know what speed they are getting.

    At that time, if speeds were "significantly" lower than those someone signed up for, customers should be able to swap to a different package free of charge or back out of the deal.

    Customers should get more data about what can slow line speed

    The consumer panel talked to net firms about the problem with line speeds following widespread reports that consumers were disappointed with the broadband speeds they were getting.

    In late September a study by UK magazine Computeractive found that 62% of those who used its speed testing software were browsing the net at less than half of the top speed advertised by their supplier.

    It also said Ofcom should put more information on its website to give consumers as much information as possible before they sign up or switch suppliers.

    In his response Ofcom boss Ed Richards backed the consumer panel work and said it was talking to the broadband industry about how best to implement the recommendations.

    The result of these discussions should be made public early in 2008, he said.

    "We are keen that any measures are implemented in the shortest time frame possible," said Mr Richards. "At this stage, we have not ruled out the possibility of using formal powers if we consider it would be more effective in delivering our objectives."

    A spokeswoman for Ofcom said that currently the regulator had no powers to enforce the new arrangements on the selling of broadband but would seek them by beefing up the guidelines net firms must abide by.

    "This is a considerable consumer issue we are concerned by," said the spokeswoman. "We think consumers should get what they pay for. It's an important decision for them."

    Source from: news.bbc.co.uk

    What search engines know about us

    Tuesday, December 11, 2007

    Google informs me of the sites I have visited most in the last week

    As Google comes under scrutiny over its privacy policies in Europe, our technology editor looks at the information that search engines and web services firms record about us.

    The websites I visit most frequently include the BBC News website, Wikipedia, Microsoft, Apple and Cnet, while Pirate Bay, the World Time Clock and RFID and wi-fi are among my most searched for terms in the last 30 days.

    I know this because Google tells me so. As a Google account holder, and because I asked it to, the computer giant records how I use the internet whenever I am logged into its service.

    The data is quite detailed: it shows that I do most of my search engine queries between 11am and noon, but also that I am still busy online through most evenings.

    It tells me the products I have searched for, the news items, the video clips, the images and even the maps I have looked at.

    If anyone were to look at this information, they would have a comprehensive idea of my lifestyle, my interests and potentially even my movements - Google records that I searched for the location of a hairdressers in Richmond last week.

    Yahoo and Microsoft's MSN probably know a lot about me too. I am frequently logged into their services, and while I don't use their search engines, both firms know some personal details because I had to provide them when I registered.

    And this is what worries some privacy experts. They want to ensure that this information remains private and is not abused in any way.

    The simplest method used by websites to track behaviour is a cookie. These small files are stored on your computer each time you use the net and note the details of the computer that accesses a web page.

    Each cookie contains an anonymous unique identifier related to the computer you are using.

    Why do firms like Yahoo and Google collect this information?

    At the simplest level, the firms track our web usage so they can optimise our experience in the future.

    Cookies store preferences, such as language settings, and can also tell websites the preceding website we were looking at and the site we go to next.

    Yahoo, Google and Microsoft also use web beacons, a tiny electronic image on a web page, which helps them analyse a user's behaviour online.

    These firms make money online by targeting advertising to users when a search is performed or alongside their web products.

    For advertisers, the attraction of the online space is being able to talk directly to customers whom they know are interested in their products or product area.

    But who else gets to see or use this personal information? Is my web history, or information about which adverts I look at, being handed over to third parties?

    'Never transfer'

    According to Google, May is a very popular month for my searches

    "We will never transfer to third parties, including advertisers, any personally identifiable information about our users - that includes IP addresses and account details."

    Yahoo and MSN's privacy policies also say they do not disclose personal information to third parties without user consent.

    Search engines are able to serve up targeted adverts to users not because they know who each user is by name, but because search engines and web services are engineered to interpret what information we are seeking online.

    Personal information

    Yahoo combines non-identifiable personal data from account holders with the web history from using Yahoo websites and services to create a detailed, yet anonymous, profile of a user. That data is then used to serve targeted adverts.

    Google does not utilise a user's web surfing history to target adverts unless the user has signed up to its personalised web search system.

    And it only stores personal information when it has asked a user's opinion.

    Mr Fleischer says: "It should always be an opt in if the service proposes to collect sensitive personal information, such as health information.

    "If it is doing something routine, then an opt out is fine, such as downloading cookies to a machine."

    Mr Fleischer explains: "If you are a user of personalised search - which is an opt-in service - we could take into account your web browsing history from the past to provide more relevant search results.

    "The advertisers would be bidding against those more relevant search results."

    So does it matter if that information about us is anonymised?

    Mr Fleischer believes that it is inevitable that more and more data will exist about us in cyberspace but does not think that will mean our right to privacy is compromised.

    "More and more of these services will offer choice about how to use them.

    "I am speculating here, but I would expect that people will be able to say how they want to use services, whether in an identifiable capacity or under a pseudonym.

    "There are all kinds of different levels of transparency you can choose to represent different parts of your lives. Over time people will become much more sophisticated about how they use all this online data about themselves."

    He adds: "We are in a transition generation right now. As individuals and society we need to learn new ways to deal with wanting to be identifiable, wanting to be anonymous and if we want to be pseudonymous.

    "Technology companies will build tools for people to do this. It will become a very natural part of our lives within five years."

    Source from: news.bbc.co.uk

    Ask rolls out search privacy tool

    Search engine Ask has launched a feature that it hopes will prove a selling point for consumers concerned about their online privacy.

    AskEraser allows users to immediately delete search queries stored on Ask's servers, in contrast to rivals such as Google, which stores data for 18 months.

    How personal data is used is becoming more of an issue as people live more of their lives via search engines.

    Some are concerned about possible deals between search engines and ad firms.

    In America consumer advocacy groups have expressed doubts about a proposed merger between Google and ad-serving company DoubleClick, which is currently being reviewed by US regulators.

    Privacy issues

    Jumping on the privacy bandwagon, Ask is offering users the chance to take charge of what happens with their search history.

    An AskEraser link will feature prominently on the Ask.com homepage and, when enabled by the user, will delete all future search queries and associated cookie information from its servers.

    The information it destroys includes IP address, user ID and session ID along with the complete text of a query.

    "For people who worry about their online privacy, AskEraser now gives them control of their search information," said Jim Lanzone, chief executive of Ask.com.

    But some critics have pointed out that it doesn't entirely erase all information as search queries relating to advertisements supplied by Google will continue to be passed to the search rival.

    Other search engines are attempting to quell concerns about privacy and most operate policies which mean search histories are deleted between a year and 18 months after they were made.

    But some consumers are getting twitchy about how their data is shared, following some high-profile cases.

    In August 2006 AOL was forced to apologise after it released the search queries of more than 650,000 of its US subscribers to help in academic research.

    Although users' names were not associated with the search terms, fears were raised that the queries contained personally identifiable data. It was not clear which researchers were given the data and how they intended to use it.

    And just last week Mark Zuckerberg, the founder of social networking site Facebook, had to make changes to a new advertising system after more than 50,000 users complained about it.

    Called Beacon, the system is designed to track web shopping on partner sites outside Facebook with the intention of providing targeted adverts to the social network based on purchases.

    After complaints the site was invading privacy, Facebook changed Beacon from an opt-out system to opt in.

    Mr Zuckerberg has said users can now switch off Beacon completely.

    "Paying with privacy"

    Despite these cases not everyone is convinced that privacy is a big enough winner for users to desert their favoured search engine for Ask.

    "The press loves to run stories about the hidden privacy concerns caused by data collected online, but consumers have taken an 'out of sight, out of mind' approach," commented technology blog TechCrunch.

    "We're finding that people are willing to pay for the best free products with their privacy," it added.

    Surveys conducted in the US seem to bear this out. While a majority of Americans say they are concerned about their online privacy, only a tiny percentage are actually prepared to take steps to protect it.

    Yahoo believes that its current privacy policy is sufficient.

    "Search log data is anonymised within 13 months of collection except where users request otherwise or where Yahoo! is required to retain the information to comply with legal obligations," the firm said in a statement.

    "We believe the 13 month-policy is the appropriate timeline to honour our commitment to our users' privacy while preserving our ability to defend against fraudulent activity and continue to improve our services," it read.

    Google said it had no plans to implement such a tool.

    The highly competitive search engine market, which is dominated by Google, means rivals are increasingly searching for applications that differentiate them.

    According to internet measurement firm comScore, Ask accounted for 4.7% of US searches during October. Google took the lion's share with 58.5%, with Yahoo accounting for 22.9% and Microsoft for 9.7%.

    Source from: news.bbc.co.uk

    Net vigilantes 'should listen more'

    Monday, December 10, 2007

    Regular columnist Bill Thompson wants "net vigilantes" to focus more on customer service.

    Sometime in October a malicious program exploited a security flaw in the Wordpress software I use to host my weblog and injected some extra commands into one of the widgets I use to add features to the site.

    They opened up a connection between the blog and a site that tried to download a malicious piece of software to any site visitor unfortunate enough to be using Microsoft's Internet Explorer.

    Anyone who visited my site would have been prompted to install a clearly unwanted piece of software, although as far as I know nobody was affected. However I can't be sure and hope that I didn't unwittingly cause damage to anyone else's computer.

    I upgrade my installation regularly, and apply new security patches as they come out, but this happened in the few days before the release of a new version and I was caught.

    Yet I only found out about the problem when a kind reader e-mailed me to tell me that Google was warning prospective visitors that my blog might "harm" their computer.

    I hadn't noticed the warning because, strange as it may seem, I don't Google my own name that often (searching blogs is a different matter, of course).

    And I hadn't found out from Google, either because they didn't send any emails or because the company that acts as technical contact for my site didn't bother passing them on.

    Once I knew what had happened I searched for and found the offending code, but it has taken three weeks to get the Google warning removed, and the experience has been a salutary one.

    I started off at StopBadware, the organisation Google works with to flag sites hosting malicious code.

    Fighting Badware

    I searched for information about what they had found on my site and discovered that although Google had flagged my blog it hadn't passed any information on to StopBadware.

    So I requested a review using the form provided, hoping to get some information to help me find out what had happened and which pages were affected.

    I had to e-mail them three times before I got a reply, and had to wait 10 days for that, and even then there was no information on exactly what Google had found on my site, so I had to search myself.

    Eventually I discovered that I could find a lot more information and request a review more effectively by signing up for Google's Webmaster Tools.

    This is a great service, but it isn't something my small blog really needs and of course signing up gives Google access to a lot of information about what I'm up to, information I'd rather they didn't have.

    But when the alternative is a blood-red sign saying "All hope abandon, ye who enter here" splashed over Google's search results there really is no choice.

    And now my site is clean and Google likes me again.

    Malware on websites isn't the only area where private organisations are taking on this sort of police action. There is a similar debate going on over e-mail and spam, with groups like Spamhaus creating lists of servers that they believe are sending out spam.

    Other organisations subscribe to the Spamhaus Block List and will block emails from those servers.

    Their approach is pretty effective at closing spam relays, but of course sometimes the listing is wrong and sometimes there is collateral damage, when a server used by an ISP is listed and all of its customers are affected.

    Part of me would like to see this sort of listing done by the appropriate authorities, perhaps even the police, with some degree of judicial overview and a formal appeals process.

    Of course this is not going to happen, at least not on the global basis that would be needed to make it effective.

    And the only real option for anyone who runs their own website is to sign up for Webmaster Tools to keep an eye on what the rainbow monster thinks of them.

    But if we're going to live in a world where Google, StopBadware, Spamhaus and all the other private organisations offering to make the net safe have so much power then we have to push them to do a better job, especially when it comes to communication.

    The point is not that this is online vigilantism, although it surely is. The point is about accountability, openness, responsiveness and the other things that we require from state actors but too often leave up to the market to enforce for private companies.

    For many of us our websites, email addresses, personal profiles and the other aspects of our online lives are vital parts of who we are.

    The organisations and companies seeking to fill the gaps left by law enforcement need to tread carefully and must treat those affected with respect and care, or they cannot expect us to support them, however noble their intentions.


    Source from: news.bbc.co.uk

    Do you know what they know about you?

    Thursday, November 29, 2007

    Two computer discs holding the personal details of all families in the UK with a child under 16 have gone missing. The scandal of the 25 million missing records has highlighted the vulnerability of data.

    It is easy to develop a sense of creeping paranoia when you begin to contemplate just how many companies, government departments and other organisations know your personal data.

    She said it would be naive to think that an encounter with one organisation means one isolated database is queried. Typically data is gathered from many sources before a decision is reached.

    For instance the USVISIT border system, which is consulted when Britons cross from the UK to the US, mines about 30 separate databases as it checks identities.

    Ms Gallagher and colleague Peter Bradwell will release their report in early December.

    "Pretty much every organisation you engage with day-to-day - from clicking your Oyster card to ordering your take away - means sharing personal information."

    That sharing of data, she said, has become entwined with modern life and it was a mistake to think that sharing information so often only has a downside.

    Anyone that tries to stop their personal data leaking away often finds they are denied benefits enjoyed by those that are happier to share.

    For instance, paying cash for everything will keep your name off credit checking databases. However, without the re-assurance of that check banks and credit card companies may refuse to issue a loan or mortgage.

    Data control

    And there are a lot of people within companies, government and other organisations that are allowed to use data that can be used to identify you.

    According to the 2006/7 annual report from the Information Commissioner there are more than 287,000 data controllers in the UK who have a responsibility for making sure that personal data is used correctly.

    Personal data in this sense is information that can be used to identify an individual.

    Many of those data controllers will oversee many more who actually do the job of maintaining and expanding the databases holding the data.

    And it does not stop there. The web is helping that data take wing and travel farther than ever before.

    What few people realise, said Ms Gallagher, was that handing over data to one organisation can mean that it reaches many others and becomes an entry on the database they maintain.

    "There is no awareness of what happens to that data when you give it away," said Ms Gallagher.

    "It is not so much the organisations with which you willingly share data," she said, "it is where it goes after that."

    Many organisations that collect data, such as credit checking agencies, were under commercial pressure to widen the scope of what they collect, said Ms Gallagher.

    No longer are firms just interested in the basic facts about you - now what matters as much as what type of credit card you own is when you go shopping, which stores you visit and what you buy.

    That pattern holds as much information as the raw facts about you - it helps companies decide which socio-economic bracket to put you in and how to go about tailoring marketing to fit you and your lifestyle.

    Watching them

    Surveillance and the collection of data about people has become so pervasive that it has spawned a dedicated research organisation - the Surveillance Studies Network.

    Dr Kirstie Ball, a senior lecturer at the Open University, said that although many social scientists have studied the subject for years the pervasiveness of that scrutiny was prompting an upsurge of interest.

    "That personal data held by every organisation you interact with runs the parameters of your existence, your consumption, your entitlements," she said.

    "We're all interested in the collection and application of personal data and its consequences for individual rights and social science concepts such as trust and discrimination," said Dr Ball.

    "It merits study and understanding because its consequences can be tangible," she said.

    For instance, she said, an employee ticking the wrong box when they enter your data into a database could mean a person ends up labelled as a former criminal or credit liability.

    It is possible to ask to see the data that companies and organisations hold about you, but a very small number of people take up this opportunity to vet what is known about them. Making sure all of it is accurate would be a mammoth task.

    For Ms Gallagher at Demos beefing up the power of the Information Commissioner to enforce the Data Protection Act would help redress some of the imbalance between the data companies hold about us.

    "Organisations and companies should be responding to the way we live," she said.

    Only by using those powers will the creeping spread of that data be stemmed.

    "You are not going to get people complying with data protection on the basis of good will," she said. "Data is just too valuable."

  • Her Majesty's Revenue and Customs has set up a Child Benefit Helpline on 0845 302 1444 for customers who want more details.
    Source from: news.bbc.co.uk
  • How firms and fraudsters deal in data

    The information lost by the HMRC could prove very valuable to fraudsters, computer security experts say.

    "In the fraud underworld the quality of data directly impacts the flexibility with which they can use it," said Andrew Moloney, financial services market director for RSA Security.

    There was no evidence yet that the data was being talked about or sold on the fraud boards and net markets that his company monitors, he said.

    However, most vendors of stolen data rarely mention where they got it from. Instead, they typically only mention its quality.

    Mr Moloney said there was a well-established chain of buyers and sellers who can handle large amounts of data and pass them on to those that wish to use them to commit fraud.

    Safeguarding data

    "That's partly grown up to protect the anonymous individuals involved," he said, "and partly because we have seen specialisms develop with individuals finding their own niche in that underground economy."

    What also made the data attractive to fraudsters, said Mr Moloney, was that much of the data in it, such as names of children and birth dates, cannot be changed and will be valuable if it reaches criminals in the next week or the next year.

    "Once it's compromised it is compromised for the long term," he said.

    With computerised databases long established in large organisations, a series of policies and practices has grown up to safeguard the sensitive data they contain - in theory.

    In the front line of these safeguards are the strictures laid down by the Data Protection Act which is policed by the Information Commissioner.

    The Act details what workers can and cannot do with sensitive data and how it must be treated as well as what staff should do to ensure it is not compromised.

    In a statement issued after the HMRC data loss was made public Richard Thomas, the information commissioner, said his organisation was already investigating two other breaches at the government department.

    Data commandments

    "Searching questions need to be answered about systems, procedures and human error inside both HMRC and the National Audit Office," said Mr Thomas.

    Beyond data protection laws most organisations develop their own policies which govern how staff should treat such sensitive information, said Paul Simmonds, a board member of the Jericho Forum - a trade association for IT security bosses at the world's largest organisations.

    He said the Jericho Forum had developed a series of "commandments" which organisations should strive to live up to. They detail what organisations should do to ensure data is used appropriately.

    They cover such things as levels of security for different types of data; authentication to ensure data use is appropriate and how to share responsibilities for safeguarding information.

    "The Jericho Forum has long stated that data must be properly protected, both in transit and at rest," said Mr Simmonds. "Effectively this means sensitive data must always be encrypted.

    "This data loss is just another in a long list of organisations who ignore basic security principles," he added.

    Shore up defences

    Paul Davie, head of database security firm Secerno, said many companies were turning to technology to help shore up their defences.

    Security systems that oversaw interaction between a database and its users helped to do more than just stop bad guys from the outside stealing data, he said.

    "They want to understand the way the database is being queried by authorised users and what counts as normal use," said Mr Davie.

    "The technology is there to detect unusual behaviour such as a junior downloading huge amounts of data," he added.

    Evidence suggests that technology has a significant role to play. A University of Washington study released in March 2007 showed that 60% of data breaches were the result of bad practices inside organisations rather than hackers.

    "This is really high quality data," he said.

    Hackers have increasingly targeted databases, he said, because the information inside them was so valuable and well organised.

    By contrast data gathered by other hacker tools such as key logging software installed surreptitiously on PCs that watches what people type can produce reams of information that must be cleaned up before it is useable or saleable.

    Source from: news.bbc.co.uk