Is It Wrong to Use Data From the World’s First ‘Nice’ Botnet?

The Internet Census was illegal. Somebody — nobody knows exactly who — had built a network of hacked computers called the Carna botnet to generate the data. According to a remarkable academic paper the hacker published with his census, he had taken steps to minimize his botnet’s harm. He installed it mostly on routers and set-top boxes and says he took steps to make sure that it didn’t hog system resources.

via Is It Wrong to Use Data From the World’s First ‘Nice’ Botnet? | Wired Enterprise | Wired.com.

Programmatic’s Toolbar Problem | Digiday

Recently, some exchange operators and SSPs have attempted to clamp down on these toolbars and plugins. Google, for example, said it will stop supplying ads to browser software that “unexpectedly” inserts ads into the browser. It didn’t say it’ll stop working with it altogether, though, just that it must be pre-approved by Google and transparent about what it is they do to users’ machines. In other words, if a user agrees upon install to have ads inserted into pages, then that might be OK.

via Programmatic’s Toolbar Problem | Digiday.

“A new digital arms race is looming”

This writer needs to search my blog for “adware”.  This is a war that’s been going on since the beginning.

Users, advertisers, browser companies, and website owners are pitted against one another in a battle over online advertisements and the way individual consumer information is used to deliver targeted ads.

via How to Prevent the ‘Do Not Track’ Arms Race | Wired Opinion | Wired.com.

Web Privacy, and How Consumers Let Down Their Guard – NYTimes.com

TLDR: Behaviorally, humans make inconsistent decisions on giving away private data for money.  This article is about a researcher who combines behavioral economist (of the Kahneman variety) with online privacy issues:

IF iron ore was the raw material that enriched the steel baron Andrew Carnegie in the Industrial Age, personal data is what fuels the barons of the Internet age. Mr. Acquisti investigates the trade-offs that users make when they give up that data, and who gains and loses in those transactions. Often there are immediate rewards (cheap sandals) and sometimes intangible risks downstream (identity theft). “Privacy is delayed gratification,” he warned.

via Web Privacy, and How Consumers Let Down Their Guard – NYTimes.com.

“human mobility patterns are so predictable it is possible to identify a user from only four data points.”

 a study in Scientific Reports warns that human mobility patterns are so predictable it is possible to identify a user from only four data points.

via BBC News – Mobile location data ‘present anonymity risk’.

Nielsen Now Tracks Bank Statements, Credit Card Transactions | Media – Advertising Age

Nielsen is going beyond trying to track everything you watch to tracking everything you buy — adding data from what an executive said is “virtually all” credit and debit-card purchases plus bank statements, including online bill payments and paper checks, to what it already gets from food and drugstore purchases.

Nielsen is anonymously matching all that data through an undisclosed third party to members of its TV ratings panel, an executive of the company told Advertising Age, and plans to expand such matching to online and other measurement services. Linking TV audiences to their purchases has been available to packaged-goods marketers for a few years through Nielsen Catalina Solutions and elsewhere based on data from retailer loyalty programs. But Nielsen’s broader data set opens the capability to telecom, restaurant, travel, entertainment, financial services and virtually all retail advertisers.

via Nielsen Now Tracks Bank Statements, Credit Card Transactions | Media – Advertising Age.

Petition | Oracle Corporation: Stop bundling Ask Toolbar with the Java installer | Change.org

I’m pretty sure this was going on in the pre-Oracle days:

Java is a software package beloved by users and developers all over the world. Unfortunately Oracle Corporation decided to sacrifice the integrity of Java by bundling Ask Toolbar with Java in order to make few pennies per download in profit.

via Petition | Oracle Corporation: Stop bundling Ask Toolbar with the Java installer | Change.org.

Malware and deceptive installs news round up!

What decade are we living in???  When’s the last time there was enough news on this that we could do a round up?

• Oracle’s Java plugin for browsers is a notoriously insecure product. Over the past 18 months, the company has released 11 updates, six of them containing critical security fixes. With each update, Java actively tries to install unwanted software. Here’s what it does, and why it has to stop.  A close look at how Oracle installs deceptive software with Java updates | ZDNet.

• Last week there was some controversy online about a company we funded called InstallMonetizer. IM makes software that companies can put in their Windows installers that offers other software to the user as part of the install process.  What we discovered about InstallMonetizer

automatically capture all gestures and interactions in mobile apps

Delight enlightens developers and designers on how their users interact with their iOS applications. We seamlessly record your application screen and automatically capture all gestures.

via Delight.

Trojan Disguised as Trend Micro Component Drops BitCoin Miner App | Security Intelligence Blog | Trend Micro

You knew it was coming:

Malware writers have devised lots of social engineering tactics to lure users into their scheme. This time around, we saw a Trojan passing itself off as a Trend Micro component as a way to trick users into downloading and executing it.

via Trojan Disguised as Trend Micro Component Drops BitCoin Miner App | Security Intelligence Blog | Trend Micro.