markstockley

87 comments posted · 0 followers · following 0

12 years ago @ Naked Security - Facebook privacy, Goog... · 0 replies · +1 points

Our Sixty Second Security videos only cover content that we have already written up. You'll find links to articles about each of the subjects covered underneath the video with the heading 'In this episode'.

12 years ago @ Naked Security - Lightbeam shines a lig... · 0 replies · +1 points

Fixed, thanks.

12 years ago @ Naked Security - 96% of businesses are ... · 0 replies · +1 points

Thanks Michael, it should be fixed shortly.

12 years ago @ Naked Security - Lightbeam shines a lig... · 1 reply · +1 points

John was describing a 3rd party service we use having already explained that 3rd party services can set cookies and track your visit.

If you'd like more detail on those services and the cookies they set, a full list is provided on the Cookies and Scripts page which John links to from the end of the article.

12 years ago @ Naked Security - Facebook mulls silentl... · 0 replies · +2 points

But this technology is not unique to Facebook and nor is it new. Facebook are simply saying in public that they might use this technology in future.

All of which is to say that taking specific measures against Facebook does not protect your privacy here. For all you know you have been using sites that track you like this for years.

12 years ago @ Naked Security - Facebook mulls silentl... · 0 replies · +1 points

This article is about tracking the pointer arrow but tracking either is trivial.

You can capture the pointer coordinates at any time so long as it's over the web page. To capture it as a 'movie' you simply capture the coordinates as many times a second as you need.

The cursor, when used, triggers an event called 'focus'. You can track which element has focus, or has lost focus, at any given time. You've probably seen this in action with search fields that grow when you click in them or where default search text disappears. This is done using focus rather than clicks so it works if people use the tab key to navigate between elements.

12 years ago @ Naked Security - Cheeky Lavabit *did* h... · 0 replies · +1 points

Hi Peter - I was trying to respond in broad brush strokes to Erik's point that it's not technically feasible to protect every user individually. I believe it is and SNI is an example of a technique that might allow it, there are others.

Although I don't want to get into designing this imagined system on-the-hoof I will say that hostnames, IP addresses and usernames are not secrets in my book and shouldn't make you insecure if discovered. If you're relying on those things being secret then I think that's a problem.

12 years ago @ Naked Security - "You can't have your p... · 0 replies · +1 points

Hi Adam,

Our blog uses a comment system called IntenseDebate. If you have JavaScript disabled or IntenseDebate blocked then you'll see the native comments. In IntenseDebate (that Lisa and I are seeing) the URL is not truncated. In the native comments it's truncated - apologies.

We'll get that fixed but in the meantime here's a short link to the same destination that hopefully won't truncate.
http://goo.gl/0FIi48

12 years ago @ Naked Security - Facebook mulls silentl... · 1 reply · +2 points

Quite. But not for this. Anyone can do this and you won't know if they are. So you either have to put up with it, stop using the web or use something like NoScript to block the execution of scripts that you're unsure of.

12 years ago @ Naked Security - Facebook mulls silentl... · 0 replies · +3 points

If Facebook want to do key logging then they can - so long as you're browsing one of their pages they can capture everywhere your cursor goes and everything you type. I'm not saying they do, I've no idea, I'm just saying it's possible - any website can do it and it's very easy. The hardest part is storing and processing the data.

For example, if I had decided to stop writing this comment half way through and then deleted it without ever submitting it, it's entirely possible for the web page I'm typing into to have captured everything I typed even though I never 'sent' it.
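
An added example, not part of the original comments or of any site's code: the comments above on pointer and focus tracking and on text captured before it is submitted both depend on a page registering input event listeners. This JavaScript audits those registrations so you can see what a page is in a position to observe; `installListenerAudit`, `summarise` and `demo` are hypothetical names, and the target in `demo` is constructed.

```javascript
// Event types that let a page observe pointer movement, focus changes and typing.
const INPUT_EVENTS = new Set([
  "mousemove", "pointermove", "focus", "blur", "focusin", "focusout",
  "keydown", "keypress", "keyup", "input",
]);

// Wrap addEventListener on a prototype (EventTarget.prototype in a browser)
// and record every registration of an input-related event type.
function installListenerAudit(proto = EventTarget.prototype) {
  const original = proto.addEventListener;
  const records = [];
  proto.addEventListener = function (type, listener, options) {
    const name = String(type).toLowerCase();
    if (INPUT_EVENTS.has(name)) {
      records.push({
        type: name,
        target: this.constructor ? this.constructor.name : "unknown",
        // The stack frames show which script registered the listener.
        stack: (new Error().stack || "").split("\n").slice(2, 4).join(" | "),
      });
    }
    return original.call(this, type, listener, options);
  };
  const restore = () => { proto.addEventListener = original; };
  return { records, restore };
}

// Summarise what the page is able to observe, given the audit records.
function summarise(records) {
  const types = new Set(records.map((r) => r.type));
  const has = (...names) => names.some((n) => types.has(n));
  return {
    pointerPath: has("mousemove", "pointermove"),
    focusChanges: has("focus", "blur", "focusin", "focusout"),
    typingBeforeSubmit: has("keydown", "keypress", "keyup", "input"),
  };
}

// Constructed demo: a stand-in for page scripts registering listeners.
function demo() {
  const audit = installListenerAudit();
  const field = new EventTarget(); // stands in for a comment <textarea>
  field.addEventListener("input", () => {});
  field.addEventListener("blur", () => {});
  field.addEventListener("click", () => {}); // not an audited type
  audit.restore();
  return { count: audit.records.length, ...summarise(audit.records) };
}
```

The audit has to be installed before the page's own scripts run, and handlers assigned through `on*` properties or attributes bypass `addEventListener`, so an empty result does not prove that nothing is listening.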