Article 43

 

Privacy And Rights

Wednesday, June 12, 2019

AC Phone Home

snooping on your pc

I got a new HONEYWELL THERMOSTAT for the air conditioner that has internet connectivity for remote access, and pulls a weather report.

Like everything IOT - it INSISTS ON A MIDDLEMAN (pretty much anyone after looking at their EULA) possibly peeking at the things connected to my network, and who knows WHAT ELSE:

The Internet has been around for around 20 years now, and its security is far from perfect. Hacker groups still ruthlessly take advantage of these flaws, despite spending billions on tech security. The IoT, on the other hand, is primitive. And so is its security.

Once everything we do, say, think, and eat, is tracked, the big data that’s available about each of us is immensely valuable. When companies know our lives inside and out, they can use that data to make us buy even more stuff. Once they control your data, they control you.

Why can’t I just VPN into the house and connect to it that way?

Because then they can’t SNOOP.

Their EULA SAYS:

We may use your Contact Information to market Honeywell and third-party products and services to you via various methods

We also use third parties to help with certain aspects of our operations, which may require disclosure of your Consumer Information to them.

Honeywell uses industry standard web ANALYTICS to track web visits, Google Analytics and Adobe Analytics.

GOOGLE and Adobe may also TRANSFER this INFORMATION to third parties where required to do so by law, or where such third parties process the information on Google’s or Adobe’s behalf.

You acknowledge and agree that Honeywell and its affiliates, service providers, suppliers, and dealers are permitted at any time and without prior notice to remotely push software

collection and use of certain information as described in this Privacy Statement, including the transfer of this information to the United States and/or other countries for storage

Wonderful.

I connected it to the LAN without asking it to get the weather - or signing up for anything at HONEYWELL’S SITE.

As fast as I can turn my head to peek at the firewall - it was chatting on the internet, and crapped out with some SSL error:

‘SSL_PROTO_REJECT: 48: 192.168.0.226:61492 -> 199.62.84.151:443’
‘SSL_PROTO_REJECT: 48: 192.168.0.226:65035 -> 199.62.84.152:443’
‘SSL_PROTO_REJECT: 48: 192.168.0.226:55666 -> 199.62.84.153:443’

Maybe the website has a problem:

# curl -sslv2 199.62.84.151:443
* About to connect() to 199.62.84.151 port 443 (#0)
* Trying 199.62.84.151… connected
* Connected to 199.62.84.151 (199.62.84.151) port 443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 199.62.84.151:443
> Accept: */*
>
* Closing connection #0
* Failure when receiving data from the peer

# curl -sslv3 199.62.84.151:443
* About to connect() to 199.62.84.151 port 443 (#0)
* Trying 199.62.84.151… connected
* Connected to 199.62.84.151 (199.62.84.151) port 443 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (i386-redhat-linux-gnu) libcurl/7.19.7 NSS/3.27.1 zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: 199.62.84.151:443
> Accept: */*
>
* Closing connection #0
* Failure when receiving data from the peer

# curl -tlsv1 199.62.84.151:443
curl: (56) Failure when receiving data from the peer

# curl -tlsv1.0 199.62.84.151:443
curl: (56) Failure when receiving data from the peer

# curl -tlsv1.1 199.62.84.151:443
curl: (56) Failure when receiving data from the peer

# curl -tlsv1.2 199.62.84.151:443
curl: (56) Failure when receiving data from the peer

# curl 199.62.84.151:80
curl: (56) Failure when receiving data from the peer

Then I pulled the plug.  Even if Honeywell’s website is broke - I still fear this thermostat will find a way to download software, and maybe START SPYING ON MY HOME NETWORK:

The US intelligence chief has acknowledged for the first time that agencies might use a new generation of smart household devices to increase their surveillance capabilities.

Maybe, someday I’ll firewall off HONEYWELL’S NETBLOCKS, connect it again, see where it goes.

For now - I’m too AFRAID:

When the cybersecurity industry warns about the nightmare of hackers causing blackouts, the scenario they describe typically entails an elite team of hackers breaking into the inner sanctum of a power utility to start flipping switches. But one group of researchers has imagined how an entire power grid could be taken down by hacking a less centralized and protected class of targets: home air conditioners and water heaters.
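Added example, not part of the original post: a Python sketch that parses firewall lines in the SSL_PROTO_REJECT format quoted earlier, lists each LAN device's destinations, derives the smallest single prefix covering them, and reports anything the device reaches outside a blocked set. The two extra log lines, the function names and the derived prefix are assumptions for illustration; the prefix is computed only from the observed addresses and is not a registry record of the vendor's netblocks.

```python
"""Summarise where a LAN device tried to connect, from firewall reject lines."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample. The first three lines are the ones quoted in the post;
# the last two are invented (documentation-range addresses) so the
# "new destination" check below has something to report.
SAMPLE_LOG = """\
SSL_PROTO_REJECT: 48: 192.168.0.226:61492 -> 199.62.84.151:443
SSL_PROTO_REJECT: 48: 192.168.0.226:65035 -> 199.62.84.152:443
SSL_PROTO_REJECT: 48: 192.168.0.226:55666 -> 199.62.84.153:443
SSL_PROTO_REJECT: 48: 192.168.0.226:50001 -> 203.0.113.10:443
SSL_PROTO_REJECT: 48: 192.168.0.50:40000 -> 198.51.100.7:443
"""

# EVENT: code: src_ip:src_port -> dst_ip:dst_port (IPv4 only, as in the post).
LINE_RE = re.compile(
    r"(?P<event>[A-Z_]+): (?P<code>\d+): "
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+) -> "
    r"(?P<dst>\d+(?:\.\d+){3}):(?P<dport>\d+)"
)


def parse_line(line):
    """Return a dict for one log line, or None if it is not a valid record."""
    m = LINE_RE.search(line)  # search() tolerates quotes or prefixes around it
    if not m:
        return None
    try:
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
    except ValueError:  # e.g. an octet above 255
        return None
    return {"event": m["event"], "code": int(m["code"]),
            "src": src, "dst": dst, "dport": int(m["dport"])}


def destinations_by_source(log_text):
    """Map each source IP to its sorted, de-duplicated (dst_ip, dst_port) list."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            seen[str(rec["src"])].add((rec["dst"], rec["dport"]))
    return {src: [(str(d), p) for d, p in sorted(dsts)]
            for src, dsts in seen.items()}


def covering_network(addresses):
    """Smallest single IPv4 prefix that contains every address given.

    This is derived from observations only; a vendor's registered
    allocation may be larger or split across several blocks.
    """
    addrs = [ipaddress.ip_address(a) for a in addresses]
    if not addrs:
        raise ValueError("no addresses given")
    net = ipaddress.ip_network(str(addrs[0]))  # starts as a /32
    while not all(a in net for a in addrs):
        net = net.supernet()  # widen by one bit at a time
    return net


def unexpected_destinations(log_text, device, blocked):
    """Destinations the device tried that fall outside the blocked prefixes."""
    nets = [ipaddress.ip_network(n) for n in blocked]
    found = []
    for dst, port in destinations_by_source(log_text).get(device, []):
        if not any(ipaddress.ip_address(dst) in n for n in nets):
            found.append((dst, port))
    return found


if __name__ == "__main__":
    device = "192.168.0.226"  # the thermostat's LAN address in the post
    quoted = ["199.62.84.151", "199.62.84.152", "199.62.84.153"]
    block = covering_network(quoted)
    print("destinations:", destinations_by_source(SAMPLE_LOG)[device])
    print("covering prefix for the quoted lines:", block)
    print("outside that prefix:",
          unexpected_destinations(SAMPLE_LOG, device, [str(block)]))
```

Run it against the firewall log after a block rule is in place; any destination it lists is traffic the rule did not anticipate.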

---

Think that’s bad?  Check this out

Don’t Toss That Bulb, It Knows Your Password

By Tom Nardi
Hackaday
January 28, 2019

Whether it was here on Hackaday or elsewhere on the Internet, you’ve surely heard more than a few cautionary tales about the “Internet of Things” by now. As it turns out, giving every gadget you own access to your personal information and Internet connection can lead to unintended consequences. Who knew, right? But if you need yet another example of why trusting your home appliances with your secrets is potentially a bad idea, [Limited Results] is here to make sure you spend the next few hours doubting your recent tech purchases.

In a series of posts on the [Limited Results] blog, low-cost smart bulbs are cracked open and investigated to see what kind of knowledge they’ve managed to collect about their owners. Not only was it discovered that bulbs manufactured by Xiaomi, LIFX, and Tuya stored the WiFi SSID and encryption key in plain-text, but that recovering said information from the bulbs was actually quite simple. So next time one of those cheapo smart bulbs starts flickering, you might want to take a hammer to it before tossing it in the trash can; you never know where it, and the knowledge it has of your network, might end up.

Regardless of the manufacturer of the bulb, the process to get one of these devices on your network is more or less the same. An application on your smartphone connects to the bulb and provides it with the network SSID and encryption key. The bulb then disconnects from the phone and reconnects to your home network with the new information. It’s a process that at this point we’re all probably familiar with, and there’s nothing inherently wrong with it.

The trouble comes when the bulb needs to store the connection information it was provided. Rather than obfuscating it in some way, the SSID and encryption key are simply stored in plain-text on the bulb’s WiFi module. Recovering that information is just a process of finding the correct traces on the bulb’s PCB (often there are test points which make this very easy), and dumping the chip’s contents to the computer for analysis.

It’s not uncommon for smart bulbs like these to use the ESP8266 or ESP32, and [Limited Results] found that to be the case here. With the wealth of information and software available for these very popular WiFi modules, dumping the firmware binary was no problem. Once the binary was in hand, a little snooping around with a hex editor was all it took to identify the network login information. The firmware dumps also contained information such as the unique hardware IDs used by the “cloud” platforms the bulbs connect to, and in at least one case, the root certificate and RSA private key were found.

On the plus side, being able to buy cheap smart devices that are running easily hackable modules like the ESP makes it easier for us to create custom firmware for them. Hopefully the community can come up with slightly less suspect software, but really just keeping the things from connecting to anything outside the local network would be a step in the right direction.

(Some days later)

[Limited Results] had hinted to us that he had previously disclosed some vulnerabilities to the bulb’s maker, but that until they fixed them, he didn’t want to make them public. They’re fixed now, and it appears that the bulbs were sending everything over the network unencrypted - your data, OTA firmware upgrades, everything.  They’re using TLS now, so good job [Limited Results]! If you’re running an old version of their lightbulbs, you might have a look.

On WiFi credentials, we were told: “In the case where sensitive information in the flash memory wasn’t encrypted, the new version will include encrypted storage processing, and the customer will be able to select this version of the security chips, which can effectively avoid future security problems.” Argue about what that actually means in the comments.

SOURCE

Posted by Elvis on 06/12/19 •
Section Privacy And Rights • Section Broadband Privacy

Tuesday, June 04, 2019

Still Looking For Reasons To Keep Away From Windows? Part 22


Russia’s Would-Be Windows Replacement Gets a Security Upgrade

By Patrick Tucker
Defense One
May 28, 2019

For sensitive communications, the Russian government aims to replace the ubiquitous Microsoft operating system with a bespoke flavor of Linux, a sign of the country’s growing IT independence.

For the first time, Russia has granted its highest security rating to a domestically developed operating system, deeming Astra Linux suitable for communications of “special importance” across the military and the rest of the government. The designation clears the way for Russian intelligence and military workers who had been using Microsoft products on office computers to use Astra Linux instead.

“There is hope that the domestic OS [operating system] will be able to replace the Microsoft product. Of course, this is good news for the Russian market,” said German Klimenko, former IT advisor to Russian President Vladimir Putin and chairman of the board of Russia’s Digital Economy Development Fund, a venture capital fund run by the government. Klimenko spoke to the Russian newspaper Izvestia on Friday.

Although Russian officials used Windows for secure communications, they heavily modified the software and subjected Windows-equipped PCs to lengthy and rigorous security checks before putting the computers in use. The testing and analysis was to satisfy concerns that vulnerabilities in Microsoft operating systems could be patched to prevent hacking from countries like the United States. Such evaluations could take three years, according to the newspaper.

A variant of the popular Linux open-source operating system, Astra Linux has been developed over the past decade by Scientific/Manufacturing Enterprise Rusbitech. In January 2018, the Russian Ministry of Defense said it intended to switch to Astra Linux as soon as it met the necessary security standards. Before that, the software had been on some automated control systems, such as the kind sometimes found on air defense systems and some airborne computer systems.

It’s another example of Russia’s self-imposed IT exile, along with the efforts to disconnect the country from the global Internet by 2021 and to create its own domain name service.

“The Russian government doesn’t trust systems developed by foreign companies to handle sensitive data, due to fears of espionage through those systems,” said Justin Sherman, Cybersecurity Policy Fellow at New America. Using domestically produced technologies to manage sensitive data is just another component of the Kremlin’s broader interest in exercising more autonomy over the digital machines and communications within its borders.

Sam Bendett, research analyst with the Center for Naval Analyses’ International Affairs Group, said, “One of the main sticking points for the Russian government was the fact that imported operating systems had vulnerabilities and back doors that Moscow thought could be exploited by international intelligence agencies. This is essentially Russia ensuring its cybersecurity against potential intrusions.”

It’s unsurprising that Moscow distrusts Microsoft software, given that Russian-developed malware, like the NotPetya virus used against energy targets in Ukraine, exploits vulnerabilities in Windows.

Sherman says that while the Russian government may find Astra Linux a suitable substitute for Windows, it’s not a serious competitor anyplace else. There’s no particular reason for others to use this bespoke variant of Linux. Also suspicion of Russian software has been rising internationally. The country’s most successful and recognized software company, Kaspersky, can no longer sell its wares to the U.S. government. Last May, the cybersecurity firm opened a “transparency lab” in Switzerland in an attempt to assuage jittery European customers.

“If this operating system were to be marketed outside of Russia, the prospects likely aren’t great,” Sherman said. Astra Linux doesn’t exactly have worldwide foothold compared to the systems it’s replacing within Russia, and this is only compounded by the fact that just as the Russian government has security concerns about software made in other countries - other countries may very well have security concerns about using software made in Russia and endorsed by the Russian government.

But, says Bendett, a potential client list for Russian software does exist outside of Russia, just as there is for Russian anti-aircraft systems. “There is a growing list of nations that will probably want to have its main government and military systems run on an OS from a nation more friendly to their interest like Syria.. or other countries where Russia is seeking to make inroads. So the possibility for export definitely exists.”

SOURCE

Posted by Elvis on 06/04/19 •
Section Privacy And Rights • Section Microsoft And Windows

Thursday, May 30, 2019

Iphone Phone Home


It’s the middle of the night. Do you know who your iPhone is talking to?

Apple says, “What happens on your iPhone stays on your iPhone.”
Our privacy experiment showed 5,400 hidden app trackers guzzled our data - in a single week.

By Geoffrey A. Fowler
Washington Post
May 28, 2019

It’s 3 a.m. Do you know what your iPhone is doing?

Mine has been alarmingly busy. Even though the screen is off and I’m snoring, apps are beaming out lots of information about me to companies I’ve never heard of. Your iPhone probably is doing the same - and Apple could be doing more to stop it.

On a recent Monday night, a dozen marketing companies, research firms and other personal data guzzlers got reports from my iPhone. At 11:43 p.m., a company called Amplitude learned my phone number, email and exact location. At 3:58 a.m., another called Appboy got a digital fingerprint of my phone. At 6:25 a.m., a tracker called Demdex received a way to identify my phone and sent back a list of other trackers to pair up with.

And all night long, there was some startling behavior by a household name: Yelp. It was receiving a message that included my IP address - once every five minutes.

Our data has a secret life in many of the devices we use every day, from talking Alexa speakers to smart TVs. But we’ve got a giant blind spot when it comes to the data companies probing our phones.

You might assume you can count on Apple to sweat all the privacy details. After all, it touted in a recent ad, “What happens on your iPhone stays on your iPhone.” My investigation suggests otherwise.

IPhone apps I discovered tracking me by passing information to third parties - just while I was asleep - include Microsoft OneDrive, Intuit’s Mint, Nike, Spotify, The Washington Post and IBM’s the Weather Channel. One app, the crime-alert service Citizen, shared personally identifiable information in violation of its published privacy policy.

And your iPhone doesn’t only feed data trackers while you sleep. In a single week, I encountered over 5,400 trackers, mostly in apps, not including the incessant Yelp traffic. According to privacy firm Disconnect, which helped test my iPhone, those unwanted trackers would have spewed out 1.5 gigabytes of data over the span of a month. That’s half of an entire basic wireless service plan from AT&T.

“This is your data. Why should it even leave your phone? Why should it be collected by someone when you don’t know what they’re going to do with it?” says Patrick Jackson, a former National Security Agency researcher who is chief technology officer for Disconnect. He hooked my iPhone into special software so we could examine the traffic. “I know the value of data, and I don’t want mine in any hands where it doesn’t need to be,” he told me.

In a world of data brokers, Jackson is the data breaker. He developed an app called Privacy Pro that identifies and blocks many trackers. If you’re a little bit techie, I recommend trying the free iOS version to glimpse the secret life of your iPhone.

Yes, trackers are a problem on phones running Google’s Android, too. Google won’t even let Disconnect’s tracker-protection software into its Play Store. (Google’s rules prohibit apps that might interfere with another app displaying ads.)

Part of Jackson’s objection to trackers is that many feed the personal data economy, used to target us for marketing and political messaging. Facebook’s fiascos have made us all more aware of how our data can be passed along, stolen and misused - but Cambridge Analytica was just the beginning.

Jackson’s biggest concern is transparency: If we don’t know where our data is going, how can we ever hope to keep it private?

The app gap

App trackers are like the cookies on websites that slow load times, waste battery life and cause creepy ads to follow you around the Internet. Except in apps, there’s little notice trackers are lurking and you can’t choose a different browser to block them.

Why do trackers activate in the middle of the night? Some app makers have them call home at times the phone is plugged in, or think they won’t interfere with other functions. These late-night encounters happen on the iPhone if you have allowed “background app refresh,” which is Apple’s default.

With Yelp, the company says the behavior I uncovered wasn’t a tracker but rather an “unintended issue that’s been acting like a tracker.” Yelp thinks my discovery affects 1 percent of its iOS users, particularly those who’ve made reservations through Apple Maps. At best, it is shoddy software that sent Yelp data it didn’t need. At worst, Yelp was amassing a data trove that could be used to map people’s travels, even when they weren’t using its app.

A more typical example is DoorDash, the food-delivery service. Launch that app, and you’re sending data to nine third-party trackers - though you’d have no way to know it.

App makers often use trackers because they’re shortcuts to research or revenue. They run the gamut from innocuous to insidious. Some are like consultants that app makers pay to analyze what people tap on and look at. Other trackers pay the app makers, squeezing value out of our data to target ads.

In the case of DoorDash, one tracker called Sift Science gets a fingerprint of your phone (device name, model, ad identifier and memory size) and even accelerometer motion data to help identify fraud. Three more trackers help DoorDash monitor app performance - including one called Segment that routes onward data including your delivery address, name, email and cell carrier.

DoorDash’s other five trackers, including Facebook and Google Ad Services, help it understand the effectiveness of its marketing. Their presence means Facebook and Google know every time you open DoorDash.

The delivery company tells me it doesn’t allow trackers to sell or share our data, which is great. But its privacy policy throws its hands up in the air: “DoorDash is not responsible for the privacy practices of these entities,” it says.

All but one of DoorDash’s nine trackers made Jackson’s naughty list for Disconnect, which also powers the Firefox browser’s private browsing mode. To him, any third party that collects and retains our data is suspect unless it also has pro-consumer privacy policies like limiting data retention time and anonymizing data.

Microsoft, Nike and the Weather Channel told me they were using the trackers I uncovered to improve performance. Mint, owned by Intuit, said it uses an Adobe marketing tracker to help figure out how to advertise to Mint users. The Post said its trackers were used to make sure ads work. Spotify pointed me to its privacy policy.

Privacy policies don’t necessarily provide protection. Citizen, the app for location-based crime reports, published that it wouldn’t share “your name or other personally identifying information.” Yet when I ran my test, I found it repeatedly sent my phone number, email and exact GPS coordinates to the tracker Amplitude.

After I contacted Citizen, it updated its app and removed the Amplitude tracker. (Amplitude, for its part, says data it collects for clients is kept private and not sold.)

“We will do a better job of making sure our privacy policy is clear about the specific types of data we share with providers like these,” Citizen spokesman J. Peter Donald said. “We do not sell user data. We never have and never will.”

The problem is, the more places personal data flies, the harder it becomes to hold companies accountable for bad behavior including inevitable breaches.

As Jackson kept reminding me: This is your data.

The letdown

What disappoints me is that the data free-for-all I discovered is happening on an iPhone. Isn’t Apple supposed to be better at privacy?

“At Apple we do a great deal to help users keep their data private,” the company says in a statement. “Apple hardware and software are designed to provide advanced security and privacy at every level of the system.”

In some areas, Apple is ahead. Most of Apple’s own apps and services take care to either encrypt data or, even better, to not collect it in the first place. Apple offers a privacy setting called “Limit Ad Tracking” (sadly off by default) which makes it a little bit harder for companies to track you across apps, by way of a unique identifier for every iPhone.

And with iOS 12, Apple took shots at the data economy by improving the “intelligent tracking prevention” in its Safari web browser.

Yet these days, we spend more time in apps. Apple is strict about requiring apps to get permission to access certain parts of the iPhone, including your camera, microphone, location, health information, photos and contacts. (You can check and change those permissions under privacy settings.) But Apple turns more of a blind eye to what apps do with data we provide them or they generate about us - witness the sorts of tracking I found by looking under the covers for a few days.

“For the data and services that apps create on their own, our App Store Guidelines require developers to have clearly posted privacy policies and to ask users for permission to collect data before doing so. When we learn that apps have not followed our Guidelines in these areas, we either make apps change their practice or keep those apps from being on the store,” Apple says.

Yet very few apps I found using third-party trackers disclosed the names of those companies or how they protect my data. And what good is burying this information in privacy policies, anyway? What we need is accountability.

Getting more deeply involved in app data practices is complicated for Apple. Today’s technology frequently is built on third-party services, so Apple couldn’t simply ban all connections to outside servers. And some companies are so big they don’t even need the help of outsiders to track us.

The result shouldn’t be to increase Apple’s power. “I would like to make sure they’re not stifling innovation,” says Andrés Arrieta, the director of consumer privacy engineering at the Electronic Frontier Foundation.  “If Apple becomes the Internet’s privacy police, it could shut down rivals.”

Jackson suggests Apple could also add controls into iOS like the ones built into Privacy Pro to give everyone more visibility.

Or perhaps Apple could require apps to label when they’re using third-party trackers. If I opened the DoorDash app and saw nine tracker notices, it might make me think twice about using it.

SOURCE

Posted by Elvis on 05/30/19 •
Section Privacy And Rights

Sunday, March 03, 2019

Data Brokers


Here are the data brokers quietly buying and selling your personal information

By Steven Melendez and Alex Pasternack
Fast Company
March 2, 2019

It’s no secret that your personal data is routinely bought and sold by dozens, possibly hundreds, of companies. What’s less known is who those companies are, and what exactly they do.

Thanks to a new Vermont law requiring companies that buy and sell third-party personal data to register with the Secretary of State, we’ve been able to assemble a list of 121 data brokers operating in the U.S. It’s a rare, rough glimpse into a bustling economy that operates largely in the shadows, and often with few rules.

Even Vermont’s first-of-its-kind law, which went into effect last month, doesn’t require data brokers to disclose who’s in their databases, what data they collect, or who buys it. Nor does it require brokers to give consumers access to their own data or opt out of data collection. Brokers are, however, required to provide some information about their opt-out systems under the law - assuming they provide one.

If you do want to keep your data out of the hands of these companies, you’ll often have to contact them one by one through whatever opt-out systems they provide; more on that below.

The registry is an expansive, alphabet soup of companies, from lesser-known organizations that help landlords research potential tenants or deliver marketing leads to insurance companies, to the quiet giants of data. Those include big names in people search, like Spokeo, ZoomInfo, White Pages, PeopleSmart, Intelius, PeopleFinders, and the numerous other websites they operate; credit reporting, like Equifax, Experian, and TransUnion; and advertising and marketing, like Acxiom, Oracle, LexisNexis, Innovis, and KBM. Some companies also specialize in “risk mitigation,” which can include credit reporting but also background checks and other identity verification services.

Still, these 121 entities represent just a fraction of the broader data economy: The Vermont law only covers third-party data firms - those trafficking in the data of people with whom they have no relationship - as opposed to first-party data holders like Amazon, Facebook, or Google, which collect their own enormous piles of detailed data directly from users.

What they know

By buying or licensing data or scraping public records, third-party data companies can assemble thousands of attributes each for billions of people. For decades, companies could buy up lists of magazine subscribers to build targeted advertising audiences. These days, if you use a smartphone or a credit card, it’s not difficult for a company to determine if you’ve just gone through a break-up, if you’re pregnant or trying to lose weight, whether you’re an extrovert, what medicine you take, where you’ve been, and even how you swipe and tap on your smartphone. (Browser cookies and trackers are a major part of this infrastructure, and like many websites, Fast Company’s site relies on them in order to serve content and ads.)

All that information can be used to create profiles of you - think of them as virtual, possibly erroneous versions of you - that can be used to target you with ads, classify the riskiness of your lifestyle, or help determine your eligibility for a job. Like the companies themselves, the risks can be hard to see. Apart from the dangers of merely collecting and storing all that data, detailed (and often erroneous) consumer profiles can lead to race or income-based discrimination, in a high-tech version of redlining.

Piles of personal data are flowing to political consultants attempting to influence your vote (like Cambridge Analytica) and to government agencies pursuing non-violent criminal suspects (like U.S. Immigration and Customs Enforcement). Meanwhile, people-search websites, accessible to virtually anyone with a credit card, can be a goldmine for doxxers, abusers, and stalkers.

People in the U.S. still struggle to understand the nature and scope of the data collected about them, according to a recent survey by the Pew Research Center, and only 9% believe they have a lot of control over the data that is collected about them. Still, the vast majority, 74%, say it is very important to them to be in control of who can get that information.

Deleting your data

For companies regulated under the Fair Credit Reporting Act (FCRA), including traditional credit bureaus, you have the right to request your personal data and request corrections of anything that’s wrong.

But for other companies that deal in data, like marketing and people finder companies, U.S. law mostly doesn’t make any such guarantees, though that may change in the future as state and federal legislatures consider further rules. Those could ultimately bring protections like the right-to-be-forgotten and other safeguards granted to European residents under the General Data Protection Regulation (GDPR), probably the strictest international consumer data policy.

To try to remove yourself from a company’s databases: Click on the name of the broker below, click “Filing History,” and then click “DATA BROKER REGISTRATION.” You’ll get a document in PDF form that contains details from the company on how to opt out - provided the company allows you to opt-out.

You can also consult various online guides listing opt-out procedures. Griffin Boyce, systems administrator at Harvard University’s Berkman Klein Center for Internet and Society, has compiled one such opt-out guide. Another guide is put together by Joel Winston, an attorney known for his work on data privacy and consumer protection. At Motherboard, Yael Grauer compiled another list of brokers with tips for opting out. If you’re a resident of the European Union, opt-out.eu has a guide to sending GDPR Erasure Requests.

You can also use the Data & Marketing Association’s DMAchoice program, which is primarily designed for opting out of direct mail and email messages, but is also used by some organizations to remove consumers from their lists entirely. It costs $2 to sign up for the program, and registration lasts two years.

If you’re part of a “protected class,” which includes victims of domestic violence, stalking, sexual assault, identity theft, or people who work in law enforcement, some states like California offer Safe at Home, a program that lets victims remove their contact info from databases with a single request. The National Network to End Domestic Violence has also assembled a guide to data brokers.

If you’re concerned about how a company is handling your personal data, you can file a complaint with the Federal Trade Commission, which has issued millions of dollars in penalties over unfair or unlawful behavior by credit agencies and data brokers.

You can limit data loss by deleting unnecessary apps, adjusting your privacy settings, using privacy tools like a VPN, and limiting what you post online.

In order to control your data, you may need to hand over some basic info to verify that it’s really you. But be careful about what you turn over. As Boyce writes, “other than credit reporting agencies such as Equifax, no one should ask for your Social Security number or tax ID while opting out. When sending a copy of your ID, mark out the ID number and draw a line across the photo.”

The data broker companies

Below are the companies that have registered under Vermont’s data broker law, with descriptions drawn from their websites or other sources where noted.

ACCUDATA INTEGRATED MARKETING INC.

Accudata operates mailing lists and marketing data services.

ACXIOM LLC

The data giant’s offerings now encompass more than 62 countries, 2.5 billion addressable consumers and more than 10,000 attributes - for a comprehensive representation of 68 percent of the world’s online population. Last year, following the Cambridge Analytica scandal and Facebook’s decision to end partnerships with Acxiom and other third-party data handlers, LiveRamp sold Acxiom to Interpublic Group, one of the world’s largest advertising agencies, for $2.3 billion. LiveRamp continues to operate as a leading “data onboarding” company, helping bring offline data online for marketing purposes.

ADVANTAGE CREDIT INC

Advantage Credit resells credit services and data for the mortgage and finance industry.

ADVANTAGE SALES AND MARKETING LLC

Advantage offers shopper marketing, retail merchandising, and other services to retailers and manufacturers.

ADVERTISE4SALES LLC

Advertise4Sales connects law firms and legal professionals across the country to tens of thousands of prospects requesting legal help in real-time via phone or web leads each month.

ALC INC

ALC (American List Counsel) has “become the industry’s leading privately held direct and digital data marketing services provider.”

ALL WEB LEADS INC

All Web Leads is an online lead generation company that sells the highest-quality sales leads to top insurance producers. (Crunchbase)

ALTISOURCE HOLDINGS LLC

Altisource provides information about landlords to businesses that wish to market to them.

AMRENT INC

AmRent provides tenant screening services and data.

ANALYTICSIQ INC

[T]he first data company to consistently blend cognitive psychology with sophisticated data science to help you understand the who, what and why behind consumers and the decisions they make every day. Their accurate and comprehensive consumer database, PeopleCore, provides access to data attributes you can’t find anywhere else.

ASL MARKETING INC

ASL is “the nation’s premier provider of student marketing data, focused on the highly desirable 13-34-year-old market.”

AUTOMATION RESEARCH INC DBA DATA VERIFY

DataVerify provides information for the mortgage and real estate loan industry.

AVRICK DIRECT INC

Mailing list and direct marketing company “specializing in data compilation.”

BACKGROUND INFORMATION SERVICES INC (BIS)

BIS focuses on employee and tenant screening.

BACKGROUNDCHECKS.COM LLC

Backgroundchecks.com provides online background checks and criminal records data.

BEENVERIFIED INC and its subsidiaries/affiliates

BeenVerified provides background check and people search services.

BELARDI OSTROY ALC LLC

“Belardi Wong is a full service digital & direct marketing agency, relentlessly focused on driving revenue, profit and customer growth.”

BLACK KNIGHT DATA AND ANALYTICS LLC

Black Knight provides loan and real estate data.

BLACKBAUD INC

“A supplier of software and services specifically designed for nonprofit organizations. Its products focus on fundraising, website management, CRM, analytics, financial management, ticketing, and education administration.” (Wikipedia)

CBCINNOVIS INC

CBCInnovis provides credit and real estate data.

CDK GLOBAL LLC

“CDK provides software and technology solutions for automotive retailers in the United States and internationally.”

CIC MORTGAGE CREDIT INC

CIC provides credit data for the mortgage industry.

CIVIS ANALYTICS INC

Civis is an Eric Schmidt-backed data science software and consultancy company founded by Dan Wagner in 2013. Wagner served as the chief analytics officer for Barack Obama’s 2012 re-election campaign. Read more from Fast Company here.

CLARITY SERVICES INC

Clarity Services is a unit of Experian focusing on alternative credit data.

COMPACT INFORMATION SYSTEMS

Provides specialty lists, data hygiene services, and direct marketing database solutions.

CONFI-CHEK

A people search conglomerate that owns Peoplefinders.com, Enformium Inc., PublicRecordsNOW.com, PrivateEye.com and Advanced Background Checks Inc.

CORELOGIC BACKGROUND DATA LLC

CoreLogic Background Data provides “wholesale background data” for screening purposes.

CORELOGIC CREDCO OF PUERTO RICO

CoreLogic Credco provides credit data to the mortgage industry.

CORELOGIC CREDCO LLC

CoreLogic Credco provides credit data to the mortgage industry.

CORELOGIC SCREENING SERVICES LLC

CoreLogic Screening Services provides tenant screening for rental properties.

CORELOGIC SOLUTIONS LLC

CoreLogic Solutions processes and provides property records for the real estate and mortgage industries.

CORTERA INC

Cortera provides credit information about businesses.

DATA FACTS INC

Data Facts provides information on consumers for background checks in lending, housing and more.

DATAMENTORS LLC DBA V12

A “data and technology platform that links customer records with their proprietary blend of online, offline, and digital marketing data for highly personalized, one-to-one consumer marketing, regardless of device or channel.” (Crunchbase)

DATAMYX LLC DBA DELUXE MARKETING SOLUTIONS

A “leading provider of integrated information, technology and analytics. Datamyx serves customers in industries ranging from banking, credit unions, and mortgage providers to alternative finance, insurance, and others.”

DATASTREAM GROUP INC

Datastream “provides rich marketing data and real-time sales leads.”

DATAX LTD

DataX is a unit of Equifax focused on alternative credit data.

DIGITAL MEDIA SOLUTIONS

“Deploys diversified and data-driven digital media customer acquisition solutions, including performance marketing, digital agency and marketing technology solutions to help achieve the marketing objectives of clients.”

DIGITAL SEGMENT LLC

A multi-channel marketing company.

DROBU MEDIA LLC

Ad manager and lead generator for social media campaigns.

DUSTIN BLACKMAN

Dustin Blackman is the head of Drobu Media LLC, a lead generation service. He indicated to Fast Company that he intended to register only the business, not himself.

EDVISORS NETWORK INC

Edvisors “provides independent advertising-supported platforms for consumers to search compare and apply for private student loans.”

ENFORMION

Enformion “aggregates billions of United States public records into one of the largest online people databases.”

EPSILON DATA MANAGEMENT LLC

Epsilon is one of the largest data management companies in the world, and provides direct marketing and customer relationship management services, sending more than 40 billion e-mails each year.

EQUIFAX INFORMATION SERVICES LLC

Incorporated in 1937, Equifax is one of the three major consumer credit reporting agencies. In 2017, the company said it suffered a cyberattack that exposed the data of more than 145.4 million Americans, including their full names, Social Security numbers, birth dates, addresses, and driver license numbers. At least 209,000 consumers’ credit card credentials were also taken in the attack.

EXPERIAN DATA CORP

A sibling of the giant U.S. credit reporting agency Experian Information Solutions and one of many subsidiaries of the Ireland-based data giant Experian PLC, the company operates Experian RentBureau, a database updated daily with millions of consumers’ “rental payment history data” from property owners/managers, electronic rent payment services and collection companies.

EXPERIAN FRAUD PREVENTION SOLUTIONS INC

An Experian unit providing a database focusing on fraudulent transactions.

EXPERIAN HEALTH INC

The healthcare division of the credit reporting agency, providing data and analytics for healthcare providers, labs, pharmacies, payers, and other risk-bearing entities.

EXPERIAN INFORMATION SOLUTIONS INC

One of the “big three” credit reporting agencies, Experian also sells data analytics and marketing services, and purports to aggregate information on over one billion people and businesses, including 235 million individual U.S. consumers.

EXPERIAN MARKETING SOLUTIONS INC

A marketing subsidiary of the credit reporting giant focused on identity-linkage and consumer research.

FD HOLDINGS LLC DBA FACTUAL DATA

Factual Data provides credit and other data to mortgage lenders.

FIRST AMERICAN DATA TREE LLC

DataTree “delivers the current and accurate real estate and property ownership data you need for your business.”

FIRST DIRECT INC and its subsidiaries/affiliates

First Direct provides digital & traditional direct marketing.

FIRST ORION CORP

First Orion provides information on telephone callers, including contact information and the likelihood of a scam.

FOREWARN LLC

Forewarn provides background information about potential business associates, including real estate clients.

FUSED LEADS LLC

Fused Leads is “a pipeline to potential clients for the home improvement, auto insurance, auto finance, life insurance, mortgage, and health insurance industries.”

GENERAL INFORMATION SOLUTIONS LLC

GIS, which recently merged with HireRight, is a background screening company.

HEALTHCARE.COM

Not to be confused with the government insurance portal healthcare.gov, healthcare.com provides consumer marketing for insurance companies.

I360 LLC

Funded by the Koch brothers and started by a former adviser to John McCain’s presidential campaign, i360 has built one of the largest data, technology, and analytics platforms for political and commercial clients.

ID ANALYTICS LLC

ID Analytics is a unit of Symantec focused on credit and fraud risk mitigation.

IHS MARKIT

IHS Markit is a “global leader in information, analytics and solutions” for various industries.

INCHECK INC

InCheck is a background check provider.

INFLECTION RISK SOLUTIONS LLC

Inflection helps companies to make better and faster people decisions about who to hire, who to trust, and to whom they should grant access using in-house and public data that includes criminal records, sex offender registries, and global watchlists.

INFLECTION.COM INC

A subsidiary of Inflection Risk Solutions.

INFOCORE INC

Infocore “specializes in direct marketing, campaign strategy, and sourcing market data for domestic and multinational clients.”

INFOGROUP INC

Infogroup, FOUNDED by Vinod Gupta in 1972, “offers real-time data on 245 million individuals and 25 million businesses for customer acquisition and retention,” according to Wikipedia.

INFUTOR DATA SOLUTIONS

Infutor is “the expert in identity management, enabling brands to instantly identify consumers and make informed marketing decisions.”

Innovis Data Solutions Inc.

Innovis is a consumer credit reporting agency.

Instant Checkmate LLC

Instant Checkmate is a people search site that uses public records, including criminal records.

Insurance Services Office Inc.

ISO is a unit of Verisk that focuses on insurance risk and fraud identification.

IntelliCorp Records Inc.

IntelliCorp is a unit of Verisk focusing on employment background checks.

Intellireal LLC

Intellireal is a division of Equifax focusing on real estate analytics and valuation.

Interactive Data LLC

Interactive Data provides consumer information for risk mitigation, compliance, and identity verification.

IQ Data Systems Inc. dba Backgrounds Online

A nationwide data aggregator, IQ Data Systems “offers private investigation, skip tracing, public record maintenance and background screening services,” and provides “FCRA compliant background screening.”

ISO Claims Services Inc.

ISO manages insurance companies’ personal injury claims portfolios.

ISO Services Inc.

A subsidiary of data giant Verisk Analytics, ISO “is a provider of statistical, actuarial, underwriting, and claims information and analytics; compliance and fraud identification tools” for “insurers, reinsurers, agents and brokers, insurance regulators, risk managers, and other participants in the property/casualty insurance marketplace.”

IXI Corp.

Equifax-owned IXI analyzes household economics and “offers customer targeting, segmentation, and market tracking solutions and services for financial services and consumer marketing firms.”

KBM GROUP LLC

WPP-owned data giant KBM offers “marketing strategy and analytics services.”

KnowWho Inc.

KnowWho helps “government relations, lobbying firms, advocacy groups, library patrons, and the government itself, connect with elected officials and their staffs for more than 15 years.”

LexisNexis Risk Solutions Inc. and affiliates

This LexisNexis unit provides and works with data for risk management purposes.

Lundquist Consulting Inc.

LCI, part of Verisk Financial, provides data on bankruptcy matters.

MCH Inc. dba MCH Strategic Data

MCH “provides the highest quality education, healthcare, government, and church data.”

Modernize Inc.

A home improvement contractor marketplace.

National Consumer Telecom & Utilities Exchange Inc.

“NCTUE is a consumer reporting agency that maintains data such as payment and account history, reported by telecommunication, pay TV, and utility service providers that are members of NCTUE.”

National Student Clearinghouse

The National Student Clearinghouse verifies where people attended school and the degrees they earned.

Neustar Inc.

Neustar “provides real-time information and analytics for defense, telecommunications, entertainment, and marketing industries, and provides clearinghouse and directory services to the global communications industries, serving as the domain name registry for .biz, .us, .co, and .nyc top-level domains.”

New England List Services Inc.

Offers targeted consumer mailing lists.

Open Dealer Exchange LLC dba 700 Credit LLC

700 Credit provides credit screening for car dealers.

Oracle America Inc. (Oracle Data Cloud)

Data giant “Oracle Data Cloud gives marketers access to 5 billion global IDs, $3 trillion in consumer transactions, and more than 1,500 data partners available through the BlueKai Marketplace. With more than 45,000 prebuilt audiences spanning demographic, behavioral, B2B, online, offline, and transactional data, we bring together more data into a single location than any other solution.”

OwnerIQ Inc.

OwnerIQ “provides online advertising solutions and marketing channels for brands, retailers, and manufacturers and operates a platform for second party data for marketing.”

Parasol Media Inc.

Parasol Leads is one of the insurance industry’s highest quality leads generation services.

Partners Credit and Verification Solutions

Partners provides credit and background data to mortgage lenders.

Path2Response

Path2Response “collects, aggregates and models consumer information.”

PeopleConnect Inc.

A people search company that owns Intelius and Classmates.com, providing access to criminal records, employee screening, background checks, and identity theft protection services.

Pipl Inc.

Pipl is a people search tool.

Plural Marketing Solutions Inc.

A company that “builds engaging, consumer-centric paths and web sites.”

PossibleNOW Data Services

“PossibleNOW is the leader in consumer regulatory compliance and consent solutions, and pioneered the concept of enterprise preference management.”

Project Applecart LLC

“Project Applecart gathers data on adults in the U.S. via publicly available sources or via third-party license agreements. It analyzes the data to help advertisers address marketing and other communications to the relevant audience.”

Quality Planning Corp.

QPC provides analytics and information on policyholders for automobile insurance companies.

Rental Property Solutions LLC

Rental Property Solutions is a unit of CoreLogic that provides credit reporting information to landlords.

Reveal Mobile Inc.

Reveal provides location-based marketing & analytics to help companies reach audiences across mobile apps, digital advertising, and social media.

Ruf Strategic Solutions

A marketing firm owned by consumer identity management company Infutor with a focus on travel, tourism, insurance, e-commerce, and education.

SageStream LLC

SageStream is a consumer credit reporting company.

Skipmasher Inc.

For skiptracers and investigators.

Speedeon Data LLC

“Speedeon Data’s goal has been to provide our clients with the highest quality customer contact data.”

Spokeo Inc.

Spokeo is a people search giant that purports to provide access to 12 billion public records. In 2012, the Federal Trade Commission fined the company $800,000 and placed it under a 20-year privacy prohibition for marketing information for employment screening purposes without adhering to the Fair Credit Reporting Act, in the first FTC fine involving personal data collected online and sold to potential employers.

Spy Dialer Inc.

Spy Dialer is a people search website providing information on people by name or phone number.

Strategic Information Resources

SIR provides background and credit screening to employers, landlords, and lenders.

TALX Corp.

TALX is a unit of Equifax that provides employment information to companies and landlords through a database called The Work Number. As Fast Company previously reported, the database relies on feeds of detailed employee and salary data provided by the country’s biggest companies and organizations, including Facebook, Amazon, Microsoft, Oracle, Walmart, Twitter, AT&T, Harvard Law School, and the Commonwealth of Pennsylvania. In 2017, a security researcher exposed a breach in which employees’ data could be accessed using only Social Security numbers and dates of birth.

Teletrack LLC

“CoreLogic Teletrack is a consumer reporting agency that provides consumer reports to third parties for the purpose of credit risk assessment and/or other purposes as permitted by law.”

The Lead Company Inc.

Specializing in quality real-time online insurance leads for auto, home, life, and health.

Thomson Reuters (CRC) LLC dba Refinitiv

Refinitiv operates the World-Check database used for financial “know your customer” compliance and identity verification.

Towerdata Inc.

A multichannel marketing firm focused on email.

TransUnion

TransUnion is the smallest of the “big three” credit reporting agencies, alongside Experian and Equifax.

Truthfinder LLC

Truthfinder is a people search site that provides background checks and public records search capabilities.

Twine Data Inc.

“Twine is a mobile data platform that works with app publishers who generate mobile data & the companies who need data for ad targeting.” (Crunchbase)

Viant Technology LLC

Viant, a former Time Inc. and current Meredith subsidiary, is “a premier people-based advertising technology company, enabling marketers to plan, execute, and measure their digital media investments,” with access to over 250 million registered users in the U.S., “infusing accuracy, reach and accountability into cross device advertising.”

WEST PUBLISHING CORP

A unit of Thomson Reuters, West offers tools for searching public records and legal records. In 2018, the non-profit Privacy International identified it as one of a number of firms HIRED BY Immigration and Customs Enforcement to provide data that can be used by the agency and others to identify and track people and their families, including for deportation.

WHITEPAGES INC

WhitePages provides people search and background information.

WHOODLE LLC

Whoodle is a people search and background check service.

WILAND INC

A provider of intelligence-driven predictive marketing solutions.

SOURCE

Posted by Elvis on 03/03/19 •
Section Privacy And Rights

Wednesday, October 17, 2018

The Clouded Cloud


AmazonAtlas

Wikileaks
October 11, 2018

Today, WikiLeaks publishes a “Highly Confidential” internal document from the cloud computing provider Amazon. The document from late 2015 lists the addresses and some operational details of over one hundred data centers spread across fifteen cities in nine countries. To accompany this document, WikiLeaks also created a map showing where Amazon’s data centers are LOCATED.

Amazon, which is the largest cloud provider, is notoriously secretive about the precise locations of its data centers. While a few are publicly tied to Amazon, this is the exception rather than the norm. More often, Amazon operates out of data centers owned by other companies with little indication that Amazon itself is based there too or runs its own data centers under less-identifiable subsidiaries such as VaData, Inc. In some cases, Amazon uses pseudonyms to obscure its presence. For example, at its IAD77 data center, the document states that Amazon is known as “Vandala Industries” on badges and all correspondence with building manager.

Amazon is the leading cloud provider for the United States intelligence community. In 2013, Amazon entered into a $600 million contract with the CIA to build a cloud for use by intelligence agencies working with information classified as Top Secret. Then, in 2017, Amazon announced the AWS Secret Region, which allows storage of data classified up to the Secret level by a broader range of agencies and companies. Amazon also operates a special GovCloud region for US Government agencies hosting unclassified information.

Currently, Amazon is one of the leading contenders for an up to $10 billion contract to build a private cloud for the Department of Defense. Amazon is one of the only companies with the certifications required to host classified data in the cloud. The Defense Department is looking for a single provider and other companies, including Oracle and IBM, have complained that the requirements unfairly favor Amazon. Bids on this contract are due tomorrow.

While one of the benefits of the cloud is the potential to increase reliability through geographic distribution of computing resources, cloud infrastructure is remarkably centralised in terms of legal control. Just a few companies and their subsidiaries run the majority of cloud computing infrastructure around the world. Of these, Amazon is the largest by far, with recent market research showing that Amazon accounts for 34% of the cloud infrastructure services market.

Until now, this cloud infrastructure controlled by Amazon was largely hidden, with only the general geographic regions of the data centers publicised. While Amazon’s cloud is comprised of physical locations, indications of the existence of these places are primarily buried in government records or made visible only when cloud infrastructure fails due to natural disasters or other problems in the physical world.

In the process of dispelling the mystery around the locations of Amazon’s data centers, WikiLeaks also turned this document into a puzzle game, the Quest of Random Clues. The goal of this game was to encourage people to research these data centers in a fun and intriguing way, while highlighting related issues such as contracts with the intelligence community, Amazon’s complex corporate structures, and the physicality of the cloud.

SOURCE

Posted by Elvis on 10/17/18 •
Section Privacy And Rights • Section Broadband Privacy