Privacy Weekly Episode 3

Welcome to Episode Three

šŸ‘‹ If you're new here, welcome! If you've visited before, welcome back!

It's been another week of interesting privacy revelations. From the BBC being accessible on the dark web to yet another hack with an impact on privacy (this time of NordVPN).

If you like what you see in this episode, please subscribe! I'll only use your Email address to send newsletters, and won't sell it to third parties.

Latest Version Of Firefox Shows Online Trackers

Firefox 70 is out now! Mozilla, makers of Firefox, have continued to improve Firefox with enhancements that help to secure users' privacy while browsing.

Firefox 70 improves blocking of online (cookie) trackers. Online tracking is a big problem, with an average website having 12.5 cookie trackers. The great thing about this latest version is that you can see how many trackers are being blocked while you're browsing online.

Mozilla is able to determine which cookies are tracking its users by getting a list of known trackers from US privacy company Disconnect.

Another great feature that Firefox has, according to the Wired article, is if you use the Firefox password manager (LockWise), it will warn you if you have any passwords that are known to Have I Been Pwned. If a users password is known to Have I Been Pwned, it should be changed immediately, because it could be known to hackers.

Bottom line: You should download and use Firefox if you aren't already doing so.

Links: Firefox, Wired, Disconnect, Have I Been Pwned

BBC Launches Tor Mirror

The BBC has launched its website on the dark web, accessible via the Tor network.

Why have they done so? Because they want to maximise accessibility. Currently, if a regime or government decides to block access to its website, its relatively easy to do so. With the BBC website available on the dark web, it will make it more accessible.

Zoom out:

  • This is important because the web is increasingly political. Certain countries block certain websites (such as Western news websites like CNN and BBC). Even US and European countries are starting to worry about services from other countries (mostly China, see the story below about TikTok).
  • The dark web is mostly associated with illegal activities such as buying and selling drugs, but it has legitimate uses as well. This further highlights the legitimate uses.

Links: BBC, BBC Tor address (only available on the dark web), TheVerge

US Lawmakers Want To Investigate TikTok As A National Security Threat

Two US lawmakers have asked the US director of national intelligence to investigate whether TikTok is a national security threat. That's because TikTok is owned by a Chinese company called ByteDance. Chinese companies, and Chinese industry in general, have deep links with the Chinese government and possibly intelligence agencies.

The worry is, if the Chinese government (agencies) start asking TikTok for information about US citizens, would they comply? That data could consist of location data, usage of TikTok, IP data and messages.

The big picture: The web, apps, and their usage by citizens could increasingly become more political as China starts to put US (and European) dominace of technology under pressure.

Links: TechCrunch, CNN, Washington Post

NordVPN Hacked

NordVPN, which is a popular online VPN service used by many to protect their privacy from their Internet Service Provider (ISP) or to access services that are geographically restricted (i.e. to pretend you are based in region A whereas you're actually in region B), confirmed that it was hacked!

It seems that the hack took place via a server in one of their data centers. An attacker gained access to the server via an insecure remote management system. The attacker may have gained access to other systems, but this is not confirmed by NordVPN.

NordVPN were slow to disclose the hack, it took place in March 2018 and it was discovered months ago, they claim they were still investigating the hack and wanted to understand the full details before disclosure.

Why would you use a VPN?

  • To protect from eavesdropping from your Internet Service Provider or potentially even a hostile government.
  • To protect from eavesdropping on unsecure networks (e.g. WiFi at Starbucks).
  • To show up in a different geographical region for online services - this is useful to see certain shows on Netflix, or to buy cheaper airline tickets.

Why does it matter? People use VPN's to protect their online activities. NordVPN being hacked puts that at risk because attackers could have had access to users browsing data, depending on how effective the hack was.

Links: NordVPN, TechCrunch, TomsGuide

179 GB's Of Customer Data Accessible by Reservation Management System Owned By Best Western Hotels

179GB of customer data, including customer personal data and reservation data of hotels and trips, was available online due to a weakness in a search system used by the company.

The open database was discovered by white hat hackers VPNMentor. They informed the company responsible and steps were taken to plug the open access.

How does this affect you? This is yet another weakness of a system whereby personal data was exposed. It may not have affected you personally (if your data isn't in the database), but it shows that (your) personal data held by companies is not always secure.