Biz & IT

Mozilla flips the default switch on Firefox tracker cookie blocking

From today Firefox users who update to the latest version of the browser will find a pro-privacy setting flipped for them on desktop and Android smartphones, assuming they didn’t already have the anti-tracking cookie feature enabled.

Mozilla launched the Enhanced Tracking Protection (ETP) feature in June as a default setting for new users, but left existing Firefox users’ settings unchanged at that point.

It’s now finishing what it started by flipping the default switch across the board in v69.0 of the browser.

The feature takes clear aim at third party cookies that are used to track Internet users for creepy purposes such as ad profiling. (Firefox relies on the Disconnect list to identify creepy cookies to block.)

The anti-tracking feature also takes aim at cryptomining: A background practice which can drain CPU and battery power, negatively impacting the user experience. Again, Firefox will now block cryptomining by default, not only when user activated.

In a blog post about the latest release Mozilla says it represents a “milestone” that marks “a major step in our multi-year effort to bring stronger, usable privacy protections to everyone using Firefox”.

“Currently over 20% of Firefox users have Enhanced Tracking Protection on. With today’s release, we expect to provide protection for 100% of our users by default,” it predicts, underlining the defining power of default settings.

Firefox users with ETP enabled will see a shield icon in the URL bar to denote the tracker blocking is working. Clicking on this icon takes users to a menu where they can view a list of all the tracking cookies that are being blocked. Users are also able to switch off tracking cookie blocking on a per site basis, via this Content Blocking menu.

While blocking tracking cookies reduces some tracking of internet users it does not offer complete protection for privacy. Mozilla notes that ETP does not yet block browser fingerprinting scripts from running by default, for example.

Browser fingerprinting is another prevalent privacy-hostile technique that’s used to track and profile web users without knowledge or consent by linking online activity to a computer’s configuration and thereby tying multiple browser sessions back to the same device-user.

It’s an especially pernicious technique because it can erode privacy across browser sessions and even different browsers — which an Internet user might be deliberately deploying to try to prevent profiling.

A ‘Strict Mode’ in the Firefox setting can be enabled by Firefox users in the latest release to block fingerprinting. But it’s not on by default.

Mozilla says a future release of the browser will flip fingerprinting blocking on by default too.

The latest changes in Firefox continue Mozilla’s strategy — announced a year ago — of pro-actively defending its browser users’ privacy by squeezing the operational range of tracking technologies.

In the absence of a robust regulatory framework to rein in the outgrowth of the adtech ‘industrial data complex’ that’s addicted to harvesting Internet users’ data for ad targeting, browser makers have found themselves at the coal face of the fight against privacy-hostile tracking technologies.

And some are now playing an increasingly central, even defining, role as they flip privacy and anti-tracking defaults.

Notably, earlier this month, the open source WebKit browser engine, which underpins Apple’s Safari browser, announced a new tracking prevention policy that puts privacy on the same footing as security, saying it would treat attempts to circumvent this as akin to hacking.

Even Google has responded to growing pressure around privacy — announcing changes to how its Chrome browser handles cookies this May. Though it’s not doing that by default yet.

It has also said it’s working on technology to reduce fingerprinting. And recently announced a long term proposal to involve its Chromium browser engine in developing a new open standard for privacy.

Though cynics might suggest the adtech giant is responding to competitive pressure on privacy by trying to frame and steer the debate in a way that elides its own role in data mining Internet users at scale for (huge) profit.

Thus its tardy privacy pronouncements and long term proposals look rather more like an attempt to kick the issue into the long grass and buy time for Chrome to keep being used to undermine web users’ privacy — instead of Google being forced to act now and close down privacy-hostile practices that benefit its business.

AT&T announces deal to spin off DirecTV into new company owned by… AT&T

Nearly six years after buying DirecTV for $48.5 billion, AT&T today announced a deal to sell a minority stake in the business unit and spin it out into a new subsidiary.

AT&T said its deal with private equity firm TPG Capital values the TV business at $16.25 billion. A press release said that AT&T and TPG “will establish a new company named DirecTV that will own and operate AT&T’s US video business unit consisting of the DirecTV, AT&T TV, and U-verse video services.”

AT&T will own 70 percent of the spun-off DirecTV company’s common equity while TPG will own 30 percent. DirecTV in its new form “will be jointly governed by a board with two representatives from each of AT&T and TPG, as well as a fifth seat for the CEO, which at closing will be Bill Morrow, CEO of AT&T’s US video unit,” the announcement said.

AT&T acknowledged that its DirecTV purchase didn’t work out as planned.

“With our acquisition of DirecTV, we invested approximately $60 billion in the US video business,” AT&T said in materials distributed to reporters. “It’s fair to say that some aspects of the transaction have not played out as we had planned, such as pay TV households in the US declining at a faster pace across the industry than anticipated when we announced the deal back in 2014. In fact, we took a $15.5 billion impairment on the business in 4Q20.”

Focus on 5G, fiber, and HBO Max

Separating DirecTV into a new unit will help AT&T focus on its key “strategic” areas of 5G mobile service, fiber Internet, and HBO Max, AT&T said.

“As the pay-TV industry continues to evolve, forming a new entity with TPG to operate the US video business separately provides the flexibility and dedicated management focus needed to continue meeting the needs of a high-quality customer base and managing the business for profitability,” AT&T CEO John Stankey said. “TPG is the right partner for this transaction and creating a new entity is the right way to structure and manage the video business for optimum value creation.”

The companies said they expect to close their transaction in the second half of 2021 and that it “is subject to customary closing conditions and to regulatory reviews.” AT&T said it expects to receive $7.6 billion in cash from the partial sale and that it will use the money to reduce its debt.

8 million TV customers fled AT&T

AT&T has lost over 8 million customers since early 2017 from its Premium TV services, which include DirecTV satellite, U-verse wireline video, and the newer AT&T TV online service. Total customers in that category decreased from over 25 million in early 2017 to 16.5 million at the end of 2020.

“Since AT&T closed the DirecTV acquisition in 2015, the business has generated cash flows of more than $4 billion per year, and the company expects this to continue in 2021,” today’s announcement said.

DirecTV’s deal with NFL Sunday Ticket apparently will not be disrupted, as AT&T said it will continue to “fund NFL Sunday Ticket for 2021 and 2022 (up to a $2.5B cumulative cap).”

Current video customers should not expect major changes, AT&T said.

“Existing AT&T video customers will become DirecTV customers at close and will be able to keep their video service and any bundled wireless or broadband services as well as associated discounts,” AT&T said. “AT&T and TPG are committed to a smooth transition and seamless customer experience and will work to further improve customer service and bring new features to DirecTV’s video services.”

Armed with exploits, hackers on the prowl for a critical VMware vulnerability

Hackers are mass scanning the Internet in search of VMware servers with a newly disclosed code-execution vulnerability that has a severity rating of 9.8 out of a possible 10.

CVE-2021-21972, as the security flaw is tracked, is a remote code-execution vulnerability in VMware vCenter server, an application for Windows or Linux that administrators use to enable and manage virtualization of large networks. Within a day of VMware issuing a patch, proof-of-concept exploits appeared from at least six different sources. The severity of the vulnerability, combined with the availability of working exploits for both Windows and Linux machines, sent hackers scrambling to actively find vulnerable servers.

“We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://vmware.com/security/advisories/VMSA-2021-0002.html),” researcher Troy Mursch of Bad Packets wrote.

Mursch said that the BinaryEdge search engine found almost 15,000 vCenter servers exposed to the Internet, while Shodan searches revealed about 6,700. The mass scanning is aiming to identify servers that have not yet installed the patch, which VMware released on Tuesday.

Unfettered code execution, no authorization required

CVE-2021-21972 allows hackers with no authorization to upload files to vulnerable vCenter servers that are publicly accessible over port 443, researchers from security firm Tenable said. Successful exploits will result in hackers gaining unfettered remote code-execution privileges in the underlying operating system. The vulnerability stems from a lack of authentication in the vRealize Operations plugin, which is installed by default.

The flaw has received a severity score of 9.8 out of 10.0 on the Common Vulnerability Scoring System Version 3.0. Mikhail Klyuchnikov, the Positive Technologies researcher who discovered the vulnerability and privately reported it to VMware, compared the risk posed by CVE-2021-21972 to that of CVE-2019-19781, a critical vulnerability in the Citrix Application Delivery Controller.

The Citrix flaw came under active attack last year in ransomware attacks on hospitals and, according to a criminal indictment filed by the US Justice Department, in intrusions into game and software makers by hackers backed by the Chinese government.

In a blog post earlier this week, Klyuchnikov wrote:

In our opinion, the RCE vulnerability in the vCenter Server can pose no less a threat than the infamous vulnerability in Citrix (CVE-2019-19781). The error allows an unauthorized user to send a specially crafted request, which will later give them the opportunity to execute arbitrary commands on the server. After receiving such an opportunity, the attacker can develop this attack, successfully move through the corporate network, and gain access to the data stored in the attacked system (such as information about virtual machines and system users). If the vulnerable software can be accessed from the Internet, this will allow an external attacker to penetrate the company’s external perimeter and also gain access to sensitive data. Once again, I would like to note that this vulnerability is dangerous, as it can be used by any unauthorized user.

The researcher provided technical details here.

CVE-2021-21972 affects vCenter Server versions 6.5, 6.7, and 7.01. People running one of these versions should update to 6.5 U3n, 6.7 U3l, or 7.0 U1c as soon as possible. Those who can’t immediately install a patch should implement these workarounds, which involve changing a compatibility matrix file and setting the vRealize plugin to incompatible.

Verizon and AT&T dominate spectrum auction, spending combined $69 billion

Verizon and AT&T dominated the US government’s latest spectrum auction, spending a combined $68.9 billion on licenses in the upper 3GHz band.

Verizon’s winning bids totaled $45.45 billion, while AT&T’s came in at $23.41 billion. T-Mobile was third with $9.34 billion as the three biggest wireless carriers accounted for the vast majority of the $81.17 billion in winning bids, the Federal Communications Commission said in results released yesterday. US Cellular, a regional carrier, was a distant fourth in spending, at $1.28 billion, but came in third, ahead of T-Mobile, in the number of licenses won.

The auction distributed 280MHz worth of spectrum in the “C-Band” between 3.7GHz and 3.98GHz. This spectrum will help carriers boost network capacity with mid-band frequencies that cover large geographic areas and penetrate walls more effectively than the higher millimeter-wave frequencies that provide the fastest 5G speeds to very limited geographic areas.

Mid-band spectrum doesn’t match the geographic coverage and obstacle penetration properties of the low-band spectrum below 1GHz, which was used extensively to deploy 4G networks. But there’s more spectrum available in the mid-band than in the low-band. Carriers are using a mix of low-, mid-, and high-band spectrum for 5G.

“It is essential to America’s economic recovery that we deliver on the promise of next-generation wireless services for everyone, everywhere,” FCC acting Chairwoman Jessica Rosenworcel said in the results announcement. “This auction reflects a shift in our nation’s approach to 5G toward mid-band spectrum that can support fast, reliable, and ubiquitous service that is competitive with our global peers. Now we have to work fast to put this spectrum to use in service of the American people.”

T-Mobile and US Cellular

Licenses are being distributed in 14 blocks of 20MHz each in 406 “partial economic areas” across the US, for a total of 5,684 licenses. Verizon Wireless (referred to as “Cellco Partnership” in the FCC auction) won 3,511 licenses in 406 areas, AT&T won 1,621 licenses in 406 areas, and T-Mobile won 142 licenses in 72 areas.

US Cellular’s $1.28 billion in winning bids accounts for 254 licenses in 99 areas, suggesting that it purchased licenses in parts of the US with lower demand from the big carriers. Overall, 21 bidders won spectrum licenses, which last 15 years.

Winning bidders must make down payments by March 10 and final payments by March 24, with the money going into the US Treasury.
