Posts Tagged ‘Electronic Frontier Foundation’

Is this the latest round in a fight against McCarthy-ism and fifties-style blacklisting or an overreaction to a law that protects intellectual property, privacy and copyright?

Basically, according to Wikipedia, the Stop Online Piracy Act (SOPA) allows the U.S. Department of Justice, as well as copyright holders, to seek court orders against websites accused of enabling or facilitating copyright infringement. Depending on who requests the court orders, the actions could include barring online advertising networks and payment facilitators such as PayPal from doing business with an infringing website. The bill also includes barring search engines from linking to such sites, and requires Internet service providers to block access.  Additionally, SOPA makes unauthorized streaming of copyrighted content a felony while offering immunity to Internet services that voluntarily take action against websites dedicated to infringement.

SOPA proponents say it protects the intellectual property market and corresponding industry, jobs and revenue, and is necessary to bolster enforcement of copyright laws especially against foreign websites.

Opponents, like the Electronic Frontier Foundation (EFF), hold that SOPA would create blacklists for online censorship, harm cybersecurity efforts, set bad international precedent, and lead to a fractured Internet.

Whatever side you take in regard to SOPA or if you believe both sides have valid points, the one area everyone agrees on is protection of online assets from fraud, theft and other cybercrimes.  And, nobody protects those assets better than ThreatMetrix™.

ThreatMetrix doesn’t rely on passwords, user names and cookies to protect its clients.  Instead the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals whether they’re in San Jose, Shanghai or St. Petersburg. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

The Electronic Frontier Foundation wants to let you in on a little-known fact about your browser:  it talks behind your back. The secret’s out thanks to a newly published study from a project EFF calls Panopticlick that set out to show how your browser can be used as a way to uniquely identify your computer.

This research project kicked off in January demonstrates how anonymous data from your browser can be used to identify your computer. EFF created a web application that “will anonymously log the configuration and version information from your operating system, your browser, and your plug-ins, and compare it to our database of many other Internet users’ configurations” to derive a uniqueness score that indicates how identifiable your computer is among a population of similarly logged computers.  I’ve been following the Panopticlick story and writing about it since March in this blog and in Security Week.

An article by Robert McMillan that appeared in ComputerWorld yesterday delves into EFF’s research and the privacy issues raised by the notion that a web site can stealthily identify and track your computer using your browser. The big “aha” reported in the news is that web sites can track you by way of your browser—a convenient discovery in light of Gartner Analyst Avivah Litan’s prediction that flash cookies will eventually lose their effectiveness as a means to identify a computer since Adobe has opened up control over flash cookies so users can control their privacy. The important question isn’t how a website references your computer to track you (cookie, LSO, browser, etc.)—it’s whether they have made it clear to you what they’re doing and for what purpose.

To illustrate, suppose my favorite online electronics etailer wants to profile my computer (browser, cookie, LSO, whatever) as a means to monitor my purchasing behavior.  In this scenario I want them to tell me that they are tracking me, and what they will or won’t do with my data.  Now, if the same etailer is profiling my computer to protect me (and their business) from fraud – I also want to know about it, I want to know what they’re doing with my data–and I’m glad to see that they’re taking steps to protect me. The same scenario for online banking  underscores this point because of the higher risk and greater loss potential. I would feel much better going online to bank if my bank profiled my computer and gave it a unique identify so that if someone else is trying to use my (stolen) personal credentials to try and login to my accounts from a computer other than mine, the bank can intervene.

Web sites of all stripes use cookies and IP addresses to identify you by your Internet connection and your computer—banks, SaaS applications, content providers, internet retailers  and so on.  I know too much about how easy it is to fool/get around/spoof/defeat these flimsy handles to trust them.  I would rather they employ a far more reliable method to profile my computer—you guessed it, ThreatMetrix;  because how a website profiles and references your computer is very important after all.

- Tom