e dot dot dot
a mostly about the Internet blog by

August 2017
Sun Mon Tue Wed Thu Fri Sat
   
   


Complaint Filed Over Sketchy VPN Service

Furnished content.


VPNs are important... for some situations. Unfortunately, the message that many have received in hearing about the importance of VPNs is that they somehow "protect your privacy." But that's always been wrong. They just move the privacy questions somewhere else. And sometimes it's a sketchy place. A few months back we discussed this very issue with some security experts on our podcast. All VPNs do is create a secure tunnel from where you are to somewhere else. That's useful if you don't want other people sitting in the Starbucks with you to pick up your unencrypted traffic (or other people in your hotel on the hotel WiFi), but it doesn't solve anything on larger privacy questions. The always excellent SwitfOnSecurity summed it up nicely recently:

Basically, you're just moving the risk elsewhere, and you're trusting whoever your VPN provider is -- and they may very well be worse than whatever it is you're trying to avoid. The specific use case that's almost never recommended is using a VPN on your home network (with a few specific exceptions). You may not trust Comcast/AT&T/whatever, but they may actually be a lot more serious about protecting you than a fly-by-night VPN provider.But with so many VPN providers out there, it's not always clear how legit they are, and there certainly have been rumors and complaints about some of them. Now, the Center for Democracy and Technology (CDT) has filed an FTC complaint against one of the more well known VPN providers, Hotspot Shield VPN. You can read the short complaint yourself, but the short version is CDT says that Hotspot Shield VPN makes claims about privacy that are... not accurate, and argues that these are deceptive trade practices.
Hotspot Shield makes strong claims about the privacy and security of its data collectionand sharing practices. CEO David Gorodyansky has stated that we never log or storeuser data. The company's website promises Anonymous Browsing and notes thatHotspot Shield keeps no logs of your online activity or personal information. HotspotShield further differentiates itself from ...disreputable providers [that] are able to offerfree VPN services [ ] because they make their money tracking and selling their users'activities by claiming that Hotspot Shield neither tracks nor sells customers'information.
Take a wild guess what's coming next...
While connection logs can be designed to be minimally privacy-invasive, HotspotShield engages in logging practices around user connection data, beyond troubleshootingtechnical issues. The service uses this information to identify [a user's] general location,improve the Service, or optimize advertisements displayed through the Service. IPaddresses, unique device identifiers, and other application information are regularlycollected by Hotspot Shield.
And then this:
While insisting that it does not make money from selling customer data, Hotspot Shieldpromises to connect advertisers to unique users that are frequent visitors of travel, retail,business, and finance websites. Moreover, these entities have access to IP addresses anddevice identifiers collected via Hotspot Shield. Even if Hotspot Shield only provideshashed or proxy IP addresses to these partners, third parties can also link informationabout web-viewing habits while using the Hotspot Shield by cross-referencing cookies,identifiers, or other information.
And more:
Contrary to Hotspot Shield's claims, the VPN has been found to be actively injectingJavaScript codes using iframes for advertising and tracking purposes. An iframe, orinline frame, is an HTML tag that can be used to embed content from another site orservice onto a webpage; iframes are frequently used to insert advertising, but can also beused to inject other malicious or unwanted code onto a webpage.Further analysis of Hotspot Shield's reverse-engineered source code revealed that theVPN uses more than five different third-party tracking libraries, contradictingstatements that Hotspot Shield ensures anonymous and private web browsing.
But, wait, there's more...
Additional research has revealed that Hotspot Shield further redirects e-commerce trafficto partnering domains. For example, when a user connects through the VPN to accessspecific commercial web domains, including major online retailers like and , the application can intercept and redirectHTTP requests to partner websites that include online advertising companies.
And just one more thing...
Consumers have reported instances of credit card fraud after purchasing the Elitepaid-version of Hotspot Shield VPN. One consumer reported thousands of dollars incredit card charges, as well as other suspicious online activity.
There's even more in the complaint, but those are some highlights. CDT claims that these are deceptive trade practices. Of course, the FTC doesn't need to do anything here. Such a complaint is basically asking the FTC to investigate and do something, and the FTC doesn't always do so. But at the very least, it may wake some people up about being careful which VPNs they use.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 10-Aug-2017
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



North Carolina Passes An Entirely Misguided Restore Campus Free Speech Act

Furnished content.


You will recall that we were just discussing a proposed law in Wisconsin that sought to do a number of things on college campuses, including limit the ability to protest and shout down controversial speakers, as well as mandating quite insanely that school administrations must "remain neutral" on the "controversial" topics of the day. It's a source of frustration for me that it's not immediately clear how bad an idea this is for any number of reasons. My two chief complaints about the law, built upon a legislative proposal from the Goldwater Institute, are how broad a range of topics this could conceivably cover and how it quite plainly seeks to favor one form of speech over another. Put simply, giving state governments oversight about which topics a university administration is allowed to opine while also mandating punishments for students who protest to shout down speakers is about as anti-free speech as it gets, even as the proponents of the legislation attempt to shroud themselves in that most sacred of American ideals.Well, North Carolina also had a similar bill under consideration, and indeed the state went ahead and passed its Restore Campus Free Speech Act. When you travel to that National Review link and/or read the pull quotes below, keep in mind that these are the words of a supporter of the bill and someone, Stanley Kurtz, who worked on the original Goldwater proposal.

The North Carolina Restore Campus Free Speech Act achieves most of what the Goldwater proposal sets out to do. It ensures that University of North Carolina policy will strongly affirm the importance of free expression. It prevents administrators from disinviting speakers whom members of the campus community wish to hear from. It establishes a system of disciplinary sanctions for students and anyone else who interferes with the free-speech rights of others, and ensures that students will be informed of those sanctions at freshman orientation. It reaffirms the principle that universities, at the official institutional level, ought to remain neutral on issues of public controversy to encourage the widest possible range of opinion and dialogue within the university itself. And it authorizes a special committee created by the Board of Regents to issue a yearly report to the public, the regents, the governor, and the legislature on the administrative handling of free-speech issues.
It all sounds so reasonable until you actually think about the implications of the law. Let's address them in order.To start, requiring a university to affirm the importance of free expression is the kind of pablum born from trying to establish that there is a problem where one doesn't actually exist. Does anyone imagine that polling the nation's universities on this question would result in some schools saying, "Meh, free expression isn't that big a deal"? Come on.As for disinviting speakers that "members of the campus wish to hear from", let's talk about that. First, how many members of campus are we talking about? And how are we to gauge their interest? If some tiny college group wants to invite a controversial speaker to campus to speak, where 90% of the campus doesn't want them anywhere near the campus, the administration is simply supposed to keep its hands tied? Or are the numbers something different? All of this is unclear in the law, even as it happily neuters a school's ability to manage its own campus. Why is a state legislature a better arbiter of who belongs on campus than the school itself?Then there are the disciplinary sanctions on students that "interfere with the free-speech rights of others". This is the really silly part, because it seeks to scholastically criminalize speech in order to protect speech. The proponents of this law will want to say that this refers to students rioting, or accosting would-be invited speakers, but there are already laws on the books to prosecute those crimes. Instead, this law seeks to punish students that attempt to shut down speaking engagements via peaceful protest, which is a form of speech. The law originally required mandatory suspension from school for students who are found to have violated the law twice. The universities beat that back and had it struck, but the proponents of the bill aren't even pretending that they aren't trying to stop anything other than the speech of students, while also detailing how its newly-created committee reports will be used to simply toss out adminstrators lovers of the law don't like.
Without the mandatory suspension for a second offense, the university could conceivably undermine the law through lax enforcement. Yet it’s not as simple as that. If the university refuses to discipline shout-downs in the wake of passage of this law, there will be consequences. For one thing, the annual report of the Board of Governors will either condemn the refusal to discipline, or the committee will itself be subject to public criticism. A negative report on the administrative handling of discipline would give the Board of Regents a reason to replace administrators, and legislators a reason to cut university funds.
Punishing "shout-downs"? That's a pretty bald-faced acknowledgement that this bill will curb the free speech of students in favor of the free speech of invited speakers. In other words, this bill cuts in only one direction: students that are paying to attend school now have less speech rights than guests invited onto the campus. If that doesn't immediately demonstrate how flatly gross this bill is, you need to recalibrate your sensors.Look, I said this in the last post, but I'll say it again: anyone that wants to say that campuses today are not as open to outside or unpopular viewpoints as they once were or should be won't get anything other than agreement for me. I tend to think the problem is overstated in certain circles, but I do agree that campuses today are generally less open-minded than they should be. But the solution to that is to win the argument via speech, not to run crying to state legislatures to simply curb the speech of others.

Permalink | Comments | Email This Story


Read more here

posted at: 12:00am on 10-Aug-2017
path: /Policy | permalink | edit (requires password)

0 comments, click here to add the first



August 2017
Sun Mon Tue Wed Thu Fri Sat
   
   







RSS (site)  RSS (path)

ATOM (site)  ATOM (path)

Categories
 - blog home

 - Announcements  (0)
 - Annoyances  (0)
 - Career_Advice  (0)
 - Domains  (0)
 - Downloads  (3)
 - Ecommerce  (0)
 - Fitness  (0)
 - Home_and_Garden  (0)
     - Cooking  (0)
     - Tools  (0)
 - Humor  (0)
 - Notices  (0)
 - Observations  (1)
 - Oddities  (2)
 - Online_Marketing  (0)
     - Affiliates  (1)
     - Merchants  (1)
 - Policy  (3743)
 - Programming  (0)
     - Bookmarklets  (1)
     - Browsers  (1)
     - DHTML  (0)
     - Javascript  (3)
     - PHP  (0)
     - PayPal  (1)
     - Perl  (37)
          - blosxom  (0)
     - Unidata_Universe  (22)
 - Random_Advice  (1)
 - Reading  (0)
     - Books  (0)
     - Ebooks  (0)
     - Magazines  (0)
     - Online_Articles  (5)
 - Resume_or_CV  (1)
 - Reviews  (2)
 - Rhode_Island_USA  (0)
     - Providence  (1)
 - Shop  (0)
 - Sports  (0)
     - Football  (0)
          - Cowboys  (0)
          - Patriots  (0)
     - Futbol  (0)
          - The_Rest  (0)
          - USA  (0)
 - Technology  (1049)
 - Windows  (1)
 - Woodworking  (0)


Archives
 -2024  March  (164)
 -2024  February  (168)
 -2024  January  (146)
 -2023  December  (140)
 -2023  November  (174)
 -2023  October  (156)
 -2023  September  (161)
 -2023  August  (49)
 -2023  July  (40)
 -2023  June  (44)
 -2023  May  (45)
 -2023  April  (45)
 -2023  March  (53)
 -2023  February  (40)


My Sites

 - Millennium3Publishing.com

 - SponsorWorks.net

 - ListBug.com

 - TextEx.net

 - FindAdsHere.com

 - VisitLater.com