It’s not your imagination: Shopping on Amazon has gotten worse

https://www.washingtonpost.com/technology/interactive/2022/amazon-shopping-ads/

[Amazon founder Jeff Bezos owns The Washington Post]

Sure, Google and Facebook are chock full of ads, too. But on Amazon, we’re supposed to be the customers, not the eyeballs for sale. We’re paying Amazon to buy a product and probably paying for a membership in its Prime two-day shipping product.

When you search for a product on Amazon, you may not realize that most of what you see at first is advertising. Amazon is betraying your trust in its results to make an extra buck.

I call it the “shill results” business. Even when they contain a tiny disclaimer label — as do Amazon’s — these ads can be misleading because they fill up spaces people have every reason to expect to collect trustworthy, independent information.

Privacy…

Tor vs. VPN: Which should you choose?

https://www.welivesecurity.com/2022/11/18/tor-vs-vpn-which-choose/

Tor and a VPN can significantly help you keep prying eyes away from your online life, but they’re also two very different beasts. Which suits your needs better?

Tor is focused on anonymity. It relies on a network of servers, known as Tor nodes, located worldwide. These servers are set up by volunteer individuals and organizations that allocate their resources, computer, and internet bandwidth to support the network operations. Tor connects you to a random network of at least three nodes.

VPN providers rely on a network of dedicated servers. Once you connect to them, your IP address will be hidden from the websites you visit, and only the VPN you’re using will know your real identity. Most reputable VPNs claim not to keep records of your online activity but do not provide anonymity.

++++++++

5 Free Tools to Check If Your Browser Is Safe and Private

https://www.makeuseof.com/free-tools-test-browser-security/

  1. Privacy Analyzer conducts various tests to help you gauge your browser’s safety. To launch it, press the START TEST button. In a few seconds, you will get five detailed reports explaining what the website you visit knows about you.
  2. Qualys BrowserCheck scans a browser for potential vulnerabilities and other security issues and notifies users if they need to remove a plugin, install an update, etc.
  3. Cover Your Tracks is a competent tool that tests if your browser protects you from tracking
  4. AmIUnique determines if your browser is leaving a unique fingerprint online, making it easier for advertisers to target you. In addition, it is more detailed (and technical) than Cover Your Tracks.
  5. Cloudflare’s tool will check if you are using a DNS resolver, analyze if you can be attacked via your browser, check if threat actors can see the certificates of websites your browser connects to, and so on.

Also included in the article is what to do if your browser fails, with recommendations on browsers and settings.

++++++++

Thinking about taking your computer to the repair shop? Be very afraid!

https://arstechnica.com/information-technology/2022/11/half-of-computer-repairs-result-in-snooping-of-sensitive-data-study-finds/

If you’ve ever worried about the privacy of your sensitive data when seeking a computer or phone repair, a new study suggests you have a good reason. It found that privacy violations occurred at least 50 percent of the time, not surprisingly, with female customers bearing the brunt.

Researchers recovered logs from laptops after receiving overnight repairs from 12 commercial shops. The records showed that technicians from six locations had accessed personal data and that two shops also copied data onto a personal device. In addition, devices belonging to females were more likely to be snooped on, and snooping tended to seek more sensitive data, including sexually revealing and non-sexual pictures, documents, and financial information.

++++++++

Google Changes Maps URL & Now Can Track You Everywhere – Even When You’re Not Using Maps

https://www.instapaper.com/read/1556652472

maps.google.com was the defacto domain for Google Maps. Also, for as long as I can remember, I allowed this domain to use the location services of my browser.

Yesterday I was asked to allow the usage of location services for Google Maps seemingly out of nowhere. Of course, I accepted. After all, I just wanted to check a route to a local business and was in a hurry. Back home, I opened Google Maps again and noticed maps.google.com now redirects to google.com/maps. This implies that the permissions I give to Google Maps now apply to all of Google’s services hosted under this domain.

Spies…

U.S. Bans Chinese Telecom Equipment and Surveillance Cameras Over National Security Risk

https://thehackernews.com/2022/11/us-bans-chinese-telecom-equipment-and.html

The U.S. Federal Communications Commission (FCC) formally announced it would no longer authorize electronic equipment from Huawei, ZTE, Hytera, Hikvision, and Dahua, deeming them an “unacceptable” national security threat.

“The FCC is committed to protecting our national security by ensuring that untrustworthy communications equipment is not authorized for use within our borders, and we are continuing that work here,” FCC Chairwoman Jessica Rosenworcel said in a Friday order.

OpenSource…

Misconfigurations, Vulnerabilities Found in 95% of Applications

https://www.darkreading.com/application-security/misconfigurations-vulnerabilities-found-in-95-of-applications

Nearly every application has at least one vulnerability or misconfiguration that affects security, and a quarter of application tests found a highly or critically severe vulnerability, a new study shows.

With open-source software comprising nearly 80% of codebases, it’s little surprise that 81% have at least one vulnerability, and another 85% have an open-source component that is four years out of date.

Scams…

New extortion scam threatens to damage sites’ reputation, leak data

https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/

An active extortion scam targets website owners and admins worldwide, claiming to have hacked their servers and demanding $2,500 not to leak data.

The attackers are sending emails with “Your website, databases and emails has been hacked” subjects. The emails appear non-targeted, with ransom demand recipients from all verticals, including personal bloggers, government agencies, and large corporations.

Even though these emails can be scary to those website owners who receive them, it is essential to remember that they are just scams.

Listen to this episode

Malcare WordPress Security