Monday, September 28, 2015

CYBER SURVEILLANCE - Inside Britain


"Inside the British government’s sweeping cyber surveillance program" PBS NewsHour 9/26/2015

Excerpt

SUMMARY:  For years, the British government has reportedly tracked and stored billions of records of Internet use by British citizens and those outside the UK in an effort to track every visible user on the Internet.  Ryan Gallagher of "The Intercept" joins Hari Sreenivasan via Skype from Brighton, England, with more on UK cyber surveillance.

HARI SREENIVASAN (NewsHour):  For years, the British government has reportedly tracked and stored billions of records of Internet use by British citizens and people outside the U.K., in an effort to track every visible user on the internet.  That finding comes from “The Intercept” Web site, which is publishing findings from National Security Agency contractor (traitor) Edward Snowden’s leak on government surveillance practices.

“Intercept” reporter Ryan Gallagher wrote the story and joins me now via Skype from Brighton, England.

First of all, explain the scale of surveillance that was happening from the British equivalent of the NSA, the GCHQ.

RYAN GALLAGHER, THE INTERCEPT:  Well, the skill is quite phenomenal.  I mean, it’s hard to translate it when you just see the numbers.  But you’re talking about 50 (ph) to 100 billion metadata records of phone calls and e-mails every single day.  So vast, vast quantities of information they’re sweeping up.  And they were talking by 2030 having in place the world’s largest surveillance system, so, a system that surpasses even what the NSA and U.S. has built itself.

HARI SREENIVASAN:  OK, when somebody hears that there’s millions and billions and possibly trillions of pieces of data, they’re going to say, you know, what, how do you actually identify this is specifically me that’s doing this, or going to the site, or saying this thing in a chat room?

RYAN GALLAGHER:  Uh-huh. Well, I mean, we have — we don’t actually — one of the interesting parts of the story is that we had a bunch of specific cases where, for example, we had monitored something like 200,000 people from something like 185 different countries, so almost every country in the world, they have listened to radio source (ph) through their computer.  In one case, they decided to pick out just one of these people.  It seems like at random, and what web site he had been viewing.

So, it’s kind of an all-seeing system.  When you’re gathering that amount of information, it’s going to be something that does have an impact and effect in all of us really.

SPYWARE - Lenovo Machines


"Lenovo in the News Again for Installing Spyware on Its Machines" by Manish Singh, Computer Help Forums 9/24/2015

Despite launching a number of interesting products this year, Lenovo has perhaps got more press time for the things it has done wrong.  The Chinese technology conglomerate is back in news, this time for allegedly installing a program on at least some of its refurbished notebook lineup that is programmed to send users' feedback data to Lenovo.  Upon further inspection, the program seems to have an association with a third-party marketing and Web analytics firm.

As per many users' report, the company ships its factory refurbished laptops with a program called "Lenovo Customer Feedback Program 64" that is scheduled to run every day.  According to its description, Lenovo Customer Feedback Program 64 "uploads Customer Feedback Program data to Lenovo."

Upon further digging, Michael Horowitz of Computerworld found these files in the folder of the aforementioned program: "Lenovo.TVT.CustomerFeedback.Agent.exe.config, Lenovo.TVT.CustomerFeedback.InnovApps.dll, and Lenovo.TVT.CustomerFeedback.OmnitureSiteCatalyst.dll."
As he further pointed out, Omniture, as mentioned in the suffix of one of the files, is an online marketing and Web analytics firm, which suggests that the laptops are tracking and monitoring users' activities.

On its support website, the largest PC vendor noted that it may include software components that communicate with servers on the Internet.  These applications could be on any and every ThinkCentre, ThinkStation, and ThinkPad lineups.  One of the applications listed on the website is Lenovo.TVT.CustomerFeedback.Agent.exe.config.

This isn't the first time Lenovo has been caught shipping what appears to be a spyware on its machines.  Earlier this year, Lenovo was found bundling a spyware called "Superfish" on its machines.  In August, the company was caught covertly downloading and installing software on its Windows PCs.  The program modified the BIOS to force the computer to download its programs upon each login.

Tuesday, September 8, 2015

MICROSOFT - Privacy Invasion Port to Windows 7 and 8

"Microsoft backports privacy-invading Windows 10 features to Windows 7, 8" by Joel Hruska, Extreme Tech 9/31/2015

Excerpt

Every time Microsoft releases a new version of an operating system, there’s always a few users bitterly unhappy at the company’s decision not to support new features on older products.  Microsoft has finally listened to these die-hard devotees of older operating systems.  If you felt like Windows 7 and Windows 8 offered you a little too much privacy, rejoice: Microsoft is updating those operating systems with the same telemetry gathering software it deployed on Windows 10.

What?  You wanted DirectX 12?

Ghacks.net has discovered four KB updates for Windows 7 and 8, each of which is described as an “Update for customer experience and diagnostic telemetry.”  Each is detailed below:

KB 3068708:  This update introduces the Diagnostics and Telemetry tracking service to existing devices.  By applying this service, you can add benefits from the latest version of Windows to systems that have not yet upgraded.  The update also supports applications that are subscribed to Visual Studio Application Insights.

KB 3068708 is listed as collecting diagnostics about functional issues on systems that take part in the Customer Experience Improvement Program.  Determining whether or not you are a member of the CEIP, however, is less than obvious.  The KB also notes that “Most programs make CEIP options available on the Help menu, although for some products, you might have to check settings, options, or preferences menus.”  This is a recommended Windows update.

KB 3022345:  This update has been superseded by KB 3068708, but previously provided the same telemetry-tracking services.  It’s not clear how the two updates differ, but if you want to remove all traces of telemetry tracking, you’ll want to remove this update as well.

KB 3075249:  This update adds telemetry points to the User Account Control (UAC) feature to collect information on elevations that come from low integrity levels.  What this appears to mean is that MS wants more information about the kinds of applications that trigger UAC in the first place, presumably because it wants to know what they do and why they need that access.  This update is classified as Optional.

KB 3080149:  This update is described in identical language to the first two.  “This package updates the Diagnostics and Telemetry tracking service to existing devices.  This service provides benefits from the latest version of Windows to systems that have not yet upgraded.  The update also supports applications that are subscribed to Visual Studio Application Insights.”  It is provided as an Optional update, even though the first was classified a “Recommended” update.

Hard-coded phoning home

One of the assumptions made by various privacy advocates and journalists, including me, is that third-party utilities would be able to shut down the tracking Microsoft deployed in Windows 10.  To some degree, that’s already happened, but there are certain new “features” of Windows 10 that can’t be blocked by any OS-level tweaks, including the hosts file.  The updates listed above connect to vortex-win.data.microsoft.com and settings-win.data.microsoft.com.  These addresses are hard-coded to bypass the hosts file and cannot be prevented from connecting.  It’s been reported that software firewalls aren’t sufficient to block them, though this is unclear.

IMPORTANT:  You should uninstall updates in reverse order starting with KB3080149 and Restart after each uninstall run.  Uninstall KB3068708 LAST (it is the key update, the others are updates to this one).

The upshot for Windows 7 & 8 users who want MORE privacy, uninstall the listed 'updates' and hide them when they come up again.

There is more in the full article.

Monday, September 7, 2015

MICROSOFT - More Bullying, Browsers

"Microsoft steering Windows 10 users away from non-Microsoft browsers" by Cindy E, Computer Help Forums 9/6/2015

Microsoft is aggressively pushing its new web browser, Edge, to Windows 10 users when they attempt to search for other browsers - like Firefox or Chrome - using Microsoft's own browser.

The tactic was first spotted by VentureBeatand also picked up by MarketingLand, which ran several searches in Bing on Windows 10 to show the various ways that Microsoft is pushing Edge.


Right now, when Windows 10 users try to search for and download Google Chrome or Firefox from Microsoft's Edge browser, a dark bar appears at the top of the search results page saying that Microsoft recommends they use Edge, with a 'Learn Why' button.  Learn Why simply leads to a marketing page for the Edge browser.  (This experience was only reported in the U.S., by the way; we can't confirm whether this is something that Windows 10 users in other markets are seeing, as well.)

Tech companies promoting their own browsers, or preferred partner browsers, isn't new.  Google, for example, often suggests consumers use Google Chrome as their default browser while they're running Google searches.

But since Microsoft (and others) have been pointing fingers at Google for years for what they believe are anti-competitive practices, the move by Microsoft to push its own browsers when users try to download others is...interesting.

Mozilla CEO Chris Beard had already accused Microsoft of making it too difficult for Windows 10 users to choose Mozilla Firefox as the default browser in the new operating system.

"Microsoft Edge was designed exclusively for Windows 10 with features and functionality that enhance the browsing experience such as Cortana, Web Note and Quick answers," a Microsoft spokesperson said in a statement to The Verge.  "These notifications were created to provide people with quick, easy information that can help them get to know these experiences better.  That said, with Windows 10 you can easily choose the default browser and search engine of your choice."

Wednesday, September 2, 2015

WINDOWS 10 - Food For Thought, Ubuntu (Linux)

NOTE:  Ubuntu is free for non-commercial users.  Also, I have a Ubuntu laptop.

"Windows 10:  is it finally time to migrate to Ubuntu?" by Maria Bonnefon, Ubuntu Desktop 8/27/2015

Public and private enterprises across the world have been using Microsoft Windows for years, but it calls into question whether this is in fact the best choice or simply force of habit?

With recent security and performance issues coming to the fore, an increasing number of companies are exploring the benefits of using alternative Operating Systems, and harvesting the benefits of ultra secure, robust, high performance options.  Plus, the cherry on the top is that royalty, maintenance and training costs for users can be reduced by as much as 70 percent!

Ten years ago, such alternatives were only something companies could dream of.   They were locked into proprietary models that financially squeezed them, yet still failed to provide all the services required.  This is slightly reminiscent of Henry Ford’s choice of color for ‘Model T’ …. ‘you can have a car painted any color so long as it is black.’

Increasingly, CTOs are questioning whether they actually need to remain in this locked-in situation.  Frequently asked questions include: can I deploy an alternate OS in our computer park without compromising on productivity whilst reducing costs?  Will the performance of the OS deliver on its promise?  Will I be able to drive down royalty costs without having to make hefty financial investments on technical support and training?  The answer is yes.  Ubuntu can offer this and more.

So, now that Windows 10 has been announced, customers should ask themselves is this the right time to transition?  The ‘comfortable’ next move would be to simply upgrade; however, the heavy resource constraints on devices and meatier royalty fees have turned off even the most fervent Windows followers.  Top media across the globe are analyzing ways to snub Windows 10 (see Le Monde August 4, 2015 article ‘5 operating systems to snub Windows 10’) and, in my opinion, for mainstream users who care about their privacy, this is probably the best possible time to take a closer look at other choices.

Ubuntu continues to grow in popularity, not only with mainstream consumers, but also with Fortune 500 companies.  Moreover, government and top notch education entities across the globe have realized they can save millions of dollars, and invest funds more prudently for social programmes.

Microsoft is offering a free download of Windows 10 for a limited time.  This is great for many users, but it’s only available to those running Windows 7, Windows 8.1, and selected Windows Phone 8.1.  For everyone else, it’ll be available for $199USD for Windows 10 Home* or $199USD Windows 10 Pro*.

This is great if you are in the category of people that are able to spend this kind of cash.  However, that money might be better put towards more altruistic or even epicurean objectives, whilst still allowing you to benefit from a tremendous OS.  Food for thought?