384.6 Now sharing data to Trend Micro?

[Vexira]

Yeah, on ya mate! True, our Government is full of hot wind and they don't even understand what they're doing, from the thing I hear and read. It's an embarrassment.


Sent from my iPhone using Tapatalk Pro

Just look at what they have said about the NBN and piracy with faster speeds, 99% of what their doing is fixing make believe issues.

 

[Skeptical.me]

Just look at what they have said about the NBN and piracy with faster speeds, 99% of what their doing is fixing make believe issues.

The NBN is one of the greatest Australian Government stuff ups. Sure Labor was having issues with it as well. But given the amount now spent, and the maintenance of the copper lines, FTTP made more sense for now and our future. It's a damn shame what Abbott's policies have left us with.


Sent from my iPhone using Tapatalk Pro

 

[Vexira]

Anyways back on topic, ok not worried about trend phoning home since it's for validation purposes tor determine if the sites are legitimate, and it's blocked alot of garbage for me.

 

[bitmonster]

Out government is just full of hot air, the meta data law is an illegal breach of privacy, but they have no way of storing all of it so it's bound to fail, and it's good to see a fellow Aussie.

Also I'd test out an alternative DNS provider, in sure there is some privacy focused ones.

Well Cloudflare (1.1.1.1) claims to be private and audited to be just that. There are probably others but there is no guarantee.

And it's not illegal because the law allows it. It is only illegal if the law does not allow it. That's why it's called the 'law' set by our, apparently democratically elected monkeys.

It's not bound to fail - it is very achievable.

The best we can do is educate people to both protest about this, while raising awareness about privacy. I don't use supermarket 'points' cards for example. They're pointless - you need to spend maybe $100k to get a toaster - and they actually make significant revenue from selling your data.

So just spread the word and keep using Merlin (what a legend he is) - with Diversion and Skynet )))

VPN's are pointless. They probably make the problem even worse by just shifting the issue to yet another unknown entity run who by who knows.

Anyways back on topic, ok not worried about trend phoning home since it's for validation purposes tor determine if the sites are legitimate, and it's blocked alot of garbage for me.

Fair enough... yep noted, back on topic...

It has blocked a lot of garbage and I'm leaving it on.

 

[Vexira]

The NBN is one of the greatest Australian Government stuff ups. Sure Labor was having issues with it as well. But given the amount now spent, and the maintenance of the copper lines, FTTP made more sense for now and our future. It's a damn shame what Abbott's policies have left us with.


Sent from my iPhone using Tapatalk Pro

Actually I read somewhere that labour wanted to do it in the first place put in fttn then Telstra said no, they only said yes to the libs.

 

[Skeptical.me]

Anyways back on topic, ok not worried about trend phoning home since it's for validation purposes tor determine if the sites are legitimate, and it's blocked alot of garbage for me.

Yeah, I went off topic a bit there. Sorry about that.


Sent from my iPhone using Tapatalk Pro

 

[bitmonster]

Yeah, I went off topic a bit there. Sorry about that.

Maybe we can start a dedicated privacy thread here ... There's clearly sufficient interest and the router can support these aims well.

 

[Skeptical.me]

Maybe we can start a dedicated privacy thread here ... There's clearly sufficient interest and the router can support these aims well.

Great idea !!


Sent from my iPhone using Tapatalk Pro

 

[M@rco]

Yeah, on ya mate!

I was waiting for that to happen

Even though I'm very privacy minded I found out yesterday that Dutch ISPs are legally bound to upload their entire customer database daily, along with the last seen IP to the Dutch authorities. Refusal is considered an 'economic crime' (yeah, right). However, the law is unclear. So the DoJ, police, intelligence agencies aren't clear when and how they can use the data within the bounds of the legislation, hence they're just doing what they think is good and that behaviour is apparently condoned. GPDR compliant? Nah, don't think so...

 

[Skeptical.me]

I was waiting for that to happen

Even though I'm very privacy minded I found out yesterday that Dutch ISPs are legally bound to upload their entire customer database daily, along with the last seen IP to the Dutch authorities. Refusal is considered an 'economic crime' (yeah, right). However, the law is unclear. So the DoJ, police, intelligence agencies aren't clear when and how they can use the data within the bounds of the legislation, hence they're just doing what they think is good and that behaviour is apparently condoned. GPDR compliant? Nah, don't think so...

I only have a rough understanding of the GPDR and that doesn't seem to comply with it.


Sent from my iPhone using Tapatalk Pro

 

[RMerlin]

If Trend Micro only sent or do send blocked domains or something I'm ok with that. They should not need to see all domains visited though.

Malicious Website blocking leverages their cloud-based WRS service, which is why URLs are sent to their servers for checking.

This is nothing unusual, Microsoft also uses cloud-based analysis (see how SmartScreen will complain about being unable to reach a remote server if your Internet connection isn't working properly when it needs to scan something). Cloud-based analysis is the only way to stay up-to-date, as new malicious content is constantly being discovered Relying on a local signature file is no longer a reliable solution, the window of opportunity for a malware to slip in is too large.

 

[agilani]

Tor is nothing special. Who would freely give up their bandwidth for a tor node/relay? The dark web didn't exactly keep the US government from tracking down people. Do you know which relays your traffic is going through?

And most vpn companies are some nameless entity with no real person or entity behind it (and as a result no accountability). The best it can do is move the data beyond the jurisdiction of your locality. Pia was shut down in Russia because they did not keep history and when their servers were taken over in Russia they had to change all of their encryption keys globally as a result. But who exactly is London Trust Media?

Secrecy and security are not the same thing. The same way being anti war and being for peace are not the same thing. The difference seems subtle, but they are very different.

 

[RMerlin]

Once again, people are getting over the top with all of this. Seriously.

When you go into a store and you get a product off the shelves, the clerks and security camera can see everything you look at or pick up. Has anyone every complained about that?

When you take the bus or the subway, there are security cameras in various places, seeing when you get on the bus. The person living in front of the bus stop might see you go there every day at the same hour. Heck, even the driver can recognize you, since they can see your face. Does that bother anyone?

Just like the street, the public transportation system or a large store, the Internet is a PUBLIC network. There is no such thing as complete privacy on the Internet. If people can't deal with that, then they can only stay offline. All of these so-called privacy measures bring absolutely zero privacy. VPN tunnels mean that your info is handed out to the VPN provider (and transit routers still see your trafic once it leaves the VPN server). DNS queries have to reach a DNS server at some point if you want to be able to resolve any hostname.

Yes, I agree you have to control where your info ends up. Be careful with what you share - don't make a public Facebook post indicating there will be nobody at your home for the next two weeks because you're going on vacation. Yes, that makes sense. But don't get worked out over things that are inherent to how the Internet works, or will have absolutely zero impact on your life. If someone from IP 1.2.3.4 accessed website www.smut.tld, do you really think anyone will care? And even if someone cares and does compile statistics, how does it affect your life? Will your neighbour point at you saying you spend time browsing porn on the Internet? No, because nobody who knows you will ever get that kind of information.

If an ISP has 300,000 subscribers, it's very, very unlikely that any of their employees will start browsing logs to see if they know anyone of these 300,000 subscribers just so they can name & shame you.

Trend Micro probably gets MILLIONS of queries on their cloud server. What makes you think that you are so important that anyone will spend a few days trying to read those queries just so they can single YOU? Do you think they will go to all of those ISPs with a list of IPs, and ask for the names of the owners of those IPs? (BTW, a copyright troll recently tried that here in Canada. Court stated that ISP were entitled to billing them a certain amount for each lookup. End result is the copyright troll went away.) And that's assuming they bothered with logging those millions of queries to begin with (as previously repeated, a EULA does not indicate what a company DOES, only what it MIGHT do, and often it's just legalese to protect themselves against just your average system-level logging that nobody within the company might even have thought was there. You know, like the default Apache web logs that someone might not have considered when setting up a web proxy on a network.)

If a company can take millions of anonymous data points, and use that to make a profit, which in turns means you get a service for a lower price (or even for free), why is that a problem? What makes YOU so unique that YOU would be singled out by anyone using that data? And if no company ever did that any longer, would you be OK with having to pay 20% more for your antivirus, 20% more for your Internet connection, 20% more for your cable TV service, and so on? Paying an extra 50$ on your smartphone? No longer being able to do a web search, and have to do it the 90s ways of going through portals listing sites?

Stop being "offended" because a company is trying to lower the price of their service by using data that will never have any direct impact on your personal life. Privacy is about someone not being able to know what YOU did. Thing is, companies that kind of data and anonymizing it are not able to know what YOU did. Only what "someone" did.

 

[RMerlin]

VPN's are pointless. They probably make the problem even worse by just shifting the issue to yet another unknown entity run who by who knows.

If I were a police force looking to track down criminals, one of my first Internet targets (beside ISPs themselves) would be the transit providers used by these VPN providers. What a nice aggregated set of data.

 

[Skeptical.me]

Once again, people are getting over the top with all of this. Seriously.

When you go into a store and you get a product off the shelves, the clerks and security camera can see everything you look at or pick up. Has anyone every complained about that?

When you take the bus or the subway, there are security cameras in various places, seeing when you get on the bus. The person living in front of the bus stop might see you go there every day at the same hour. Heck, even the driver can recognize you, since they can see your face. Does that bother anyone?

Just like the street, the public transportation system or a large store, the Internet is a PUBLIC network. There is no such thing as complete privacy on the Internet. If people can't deal with that, then they can only stay offline. All of these so-called privacy measures bring absolutely zero privacy. VPN tunnels mean that your info is handed out to the VPN provider (and transit routers still see your trafic once it leaves the VPN server). DNS queries have to reach a DNS server at some point if you want to be able to resolve any hostname.

Yes, I agree you have to control where your info ends up. Be careful with what you share - don't make a public Facebook post indicating there will be nobody at your home for the next two weeks because you're going on vacation. Yes, that makes sense. But don't get worked out over things that are inherent to how the Internet works, or will have absolutely zero impact on your life. If someone from IP 1.2.3.4 accessed website www.smut.tld, do you really think anyone will care? And even if someone cares and does compile statistics, how does it affect your life? Will your neighbour point at you saying you spend time browsing porn on the Internet? No, because nobody who knows you will ever get that kind of information.

If an ISP has 300,000 subscribers, it's very, very unlikely that any of their employees will start browsing logs to see if they know anyone of these 300,000 subscribers just so they can name & shame you.

Trend Micro probably gets MILLIONS of queries on their cloud server. What makes you think that you are so important that anyone will spend a few days trying to read those queries just so they can single YOU? Do you think they will go to all of those ISPs with a list of IPs, and ask for the names of the owners of those IPs? (BTW, a copyright troll recently tried that here in Canada. Court stated that ISP were entitled to billing them a certain amount for each lookup. End result is the copyright troll went away.) And that's assuming they bothered with logging those millions of queries to begin with (as previously repeated, a EULA does not indicate what a company DOES, only what it MIGHT do, and often it's just legalese to protect themselves against just your average system-level logging that nobody within the company might even have thought was there. You know, like the default Apache web logs that someone might not have considered when setting up a web proxy on a network.)

If a company can take millions of anonymous data points, and use that to make a profit, which in turns means you get a service for a lower price (or even for free), why is that a problem? What makes YOU so unique that YOU would be singled out by anyone using that data? And if no company ever did that any longer, would you be OK with having to pay 20% more for your antivirus, 20% more for your Internet connection, 20% more for your cable TV service, and so on? Paying an extra 50$ on your smartphone? No longer being able to do a web search, and have to do it the 90s ways of going through portals listing sites?

Stop being "offended" because a company is trying to lower the price of their service by using data that will never have any direct impact on your personal life. Privacy is about someone not being able to know what YOU did. Thing is, companies that kind of data and anonymizing it are not able to know what YOU did. Only what "someone" did.

Very interesting. So, I've been lead to believe by those who advocate for internet privacy that Google, Facebook et. al. create user profiles for advertising purposes and these profiles can uniquely identify you, and all your interests, social connections, personal preferences, and so on. Personally, I don't feel comfortable with that if this is true, and that's why I don't use their services.

Also, by using VPN's that share an IP addresses with, say, a few hundred people it becomes harder for trackers to uniquely identify you, especially if your browsers fingerprint is less unique. Isn't this true?

You're completely correct about companies collecting Millions and Millions of data points and the vast majority of us are simply not that unique enough for anyone to bother to specifically look for our data. I get that.

One of my main reasons for using a VPN is also security, is there no point to using a VPN to stop things like a MiM attacks?

"If I were a police force looking to track down criminals, one of my first Internet targets (beside ISPs themselves) would be the transit providers used by these VPN providers. What a nice aggregated set of data."

I've heard people say this before, but yet so many VPN services have issues tracking down abuse of their service. But as you say if you're not unique enough for anyone to search for you online this isn't an issue. And companies that track you online are certainly not going to do this. So, if your not a criminal it doesn't matter.

I guess the sensible thing is to simply limit what you expose online.

 

[RMerlin]

Very interesting. So, I've been lead to believe by those who advocate for internet privacy that Google, Facebook et. al. create user profiles for advertising purposes and these profiles can uniquely identify you,

Unless you explicitely give them permission to share your personal information, then all they can do is assign a unique ID to a faceless entity. Advertisers partnering with Google/FB won't be able to tell that "you" is <insert your name here>. They just know that someone on the Internet, to whom they associated the advettiser ID 12345, will have this given marketing profile. This comes down to knowing what you share, and controling it when you can. Those large companies like Google do, for legal reasons.

Also, by using VPN's that share an IP addresses with, say, a few hundred people it becomes harder for trackers to uniquely identify you, especially if your browsers fingerprint is less unique. Isn't this true?

Fingerprinting, uniquely provided information (such as cookies) can ultimately lead back to you. And if anyone were to compromise (either with or without their permission) any of these VPN servers, then they can track everything back to you, just like your router is able to tell if a given web connection came from your laptop or your desktop.

One of my main reasons for using a VPN is also security, is there no point to using a VPN to stop things like a MiM attacks?

The goal of a VPN is to encrypt the communication between point A (you) and point B (the VPN server). So if you were in a restaurant using a public wifi, then yes, the VPN would increase your security, by encrypting everything between you and the VPN server - a malicious entity connected to that public hotspot would not be able to eavesdrop or intercept your data. While you are at home, the chances that you might be subject to a MiM attack that could be prevented by a VPN are next to none. You'd still be subject to potential MiM attacks between the VPN provider and the remote site you are connecting to.

I guess the sensible thing is to simply limit what you expose online.

Yes. I'm not saying people should just post everything they want and provide whatever personal information other parties might ask for. Just that you have to use common sense there, and not start losing any sleep over potential attacks, especially when legitimate legal entities are involved. There's a fine line between security and paranoia, and lack of knowledge often pushes people too far on the paranoia side of things.

I've heard people say this before, but yet so many VPN services have issues tracking down abuse of their service.

All it takes is one court order asking a VPN provider to allow the installation of a snooping device on their network, combined with a gag order preventing them from revealing its existence. So if your goal is to hide from the authorities (for whatever reason), a VPN provider is not going to protect you there.

 

[Skeptical.me]

Thanks for the reply.

You're completely correct about lack of knowledge leading to paranoia. The unknown coupled with all the media frenzy about data breaches, misuse of data, hackers, boogeymen inside my router (lol) etc can lead one into a state of fear.


Sent from my iPhone using Tapatalk Pro

 

[RMerlin]

Thanks for the reply.

You're completely correct about lack of knowledge leading to paranoia. The unknown coupled with all the media frenzy about data breaches, misuse of data, hackers, boogeymen inside my router (lol) etc can lead one into a state of fear.

My grandfather reject my mom's idea of having a water cooler to provide he and my grandmother with cool water in the summer. His reason was "because electricity and water don't mix".

 

[Skeptical.me]

My grandfather reject my mom's idea of having a water cooler to provide he and my grandmother with cool water in the summer. His reason was "because electricity and water don't mix".

Yeah, I see your point.

Thanks for making me more aware


Sent from my iPhone using Tapatalk Pro

 

[agilani]

Eric,
Although i do agree with most of what you are saying....having worked for companies in the data collection business, having someone compile pages and pages of personal data on you without consent or buy in to their objective is a problem. This data collection goes well beyond phone numbers and preferences now.

Most of us however gladly give up the right to privacy for free e-mail, web search, voice call, access to family photos. Last i checked no one here was complaining about using the trend micro aiprotection for free....

I do believe there needs to be better disclosure and explicit consent. Having the internet in its current state full of anonymous trolls and fake identities is also a problem. I would rather have trend micro specifically call out what data they collect, why, and what they use it for. I don't think the GDPR consent requirements are necessarily a bad thing, even if it only brings about a discussion of what social norms should be acceptable. I'm not sure much of GDPR is realistic however (like its predecessor) or the myriad of country/state/region privacy laws.

Looking at the android eco system, i am horrified by all of the apps and what they get access to. When i find some application like es file explorer that i've used for years and have paid for is collecting information even when not in use and sending it to servers in china that is a cause for concern. What is it collecting? Who is receiving the information? Did i give it root access?

Better solutions to the myriad of problems will only come from open discourse without people hiding behind fake pseudonyms.

regards,

Ali

"Progress is impossible without change, and those who cannot change their minds cannot change anything."
- George Bernard Shaw