Tag Archives: privacy

Tor is getting a major security upgrade


To hackers, spies, and cyber-criminals these days, calling Tor “secure” is a bit laughable. There are so many exploits and workarounds, along with unavoidable weaknesses to side-channel attacks performed in the physical world, that in some cases the false sense of cyber-security can end up making relaxed use of Tor less secure than paranoid use of the regular internet. If you’re someone looking to buy some weed on the internet (or communicate securely with your mistress), Tor is probably alright for you. If you’re looking to sell some weed on the internet, get in contact with a government informant, or share sensitive information between foreign activists, it probably isn’t. Tor is looking to change that.

This is coming specifically in the wake of recent revelations of wide-ranging vulnerabilities in Tor’s anonymity protocols. A high-profile expose accused researchers at Carnegie Mellon of accepting a government bounty (reportedly a cool million dollars) to de-anonymize certain Tor users (those specifically mentioned in the expose include a child porn suspect and a Dark Market seller). Their attack vector and others are just what cynical hacker-forum users have been prophesying for years, things like malicious Tor nodes and directory servers that exist solely to suck up the personal info of those Tor users they serve.

TorOne major initiative involves the algorithm governing the selection and use of “guard nodes,” which are the first anonymizing nodes used by a Tor hidden service, and thus the only nodes interacting with the legitimate IP, directly. Right now, a Tor connection might use multiple guard nodes and as a result open itself up to more vulnerability than necessary — now, the developers want to make sure that Tor connections use the minimum possible number of guard nodes, and preferably just one.

Another push hopes to reinforce the wall between dark web domains, the crawlers used by search engines, and specialized server-finders. One of the strengths of a hidden service is that it’s hidden — not just the physical location of the server hosting the service, but the digital address of the service itself, unless you’re specifically handed the randomly generated onion address. Keeping hidden services off of search engine results means that a private service can remain private, used only by those people specifically handed the address. Should an attacker find that address, Tor’s anonymity protocols should protect it. But attackers can’t even try to access services they have no idea exist.

silk road head

If you’re up to delving a bit deeper into the Dark Web, and you don’t mind looking at 99 useless sites for every interesting one, boot up the Tor Browser and take a look at this ingenious hidden service indexing tool for an idea of the level of crawling that can currently be done on the Deep Web.

The Tor Project exists to provide anonymity — that is its main function, and all other functions are in service to that. So, to attack the security of a Tor user (even a legitimately horrible criminal) is to attack Tor itself. It’s a tough principle to stand behind, at the end of the day — to get mad about police efforts to catch child pornographers. Yet, the security world is united; security researcher Bruce Schneider has called Carnegie Mellon’s alleged collaboration “reprehensible,” as did numerous other academic security researchers.

silk road 2Their reasoning is sound. There is simply no way to attack the availability of anonymity to bad people without also undermining the availability of anonymity to good ones. We also need to have a class of disinterested researchers who can interface with the criminal/quasi-legal cyber underground and have meaningful, honest conversations — we need this for social understanding, the maintenance of free speech, and effective law enforcement.

That’s not a perspective that seems to exist in the government, to any extent. The recent terrorist attacks in Paris have led to sustained attacks on encryption and anonymity, even before the investigation produced any evidence that the attackers had used encryption, and certainly in absence of any evidence that if they had not used encryption that they would have been detected reliably by French or international security agencies. The New York Times, which broke the story of an alleged encryption aspect to the attacks, has since pulled the story from their website.

Of course, the hacker/security community will take some time to win back, and may never return to the fold. There’s a significant number of people who still believe that Tor is an elaborate government honeypot with zero real security from government spying. That’s unlikely, but ultimately it’s the perception that counts. Can the Tor Project win back the hardcores? Perhaps not. But with its continuing, aggressive updates, it could keep us normies safer as we browse drug-lists without buying, stare uncomprehendingly at ISIS statements posted in Arabic, and just generally indulge the extremes of our intellectual curiosity.

In other words, it could keep the basic tenets of liberty alive just a little bit longer.

Tagged , , , , ,

Facebook ‘snooping’ requests increase 60 per cent in UK

Requests for personal data increase to 3,384 in the first six months of 2015, the social network reveals

Requests for Facebook users’ personal data have increased by 60 per cent in the UK in a year, with the social network fielding 3,384 demands in six months from the Government and law enforcement authorities.

Facebook’s latest Government Requests Report, released on Wednesday evening, revealed a significant rise in requests for information across the world.

Such requests can be made for different reasons, but Facebook says the vast majority relate to criminal investigations, including robberies, kidnappings and in some cases terrorism.

The data requested is often basic information, such as when a user has recently logged in, but authorities have also requested photos and private messages.

After the US and India, Facebook received more government requests in the UK than any other country. The revelations come amid growing scrutiny of official snooping on citizens, following last week’s publication of theInvestigatory Powers Bill, which overhauled the UK’s surveillance powers including requirements for internet providers to store browsing data.

During the first half of 2015, Facebook received 3,384 requests for data concerning 4,489 accounts. This was up from 2,110 requests in the same period a a year ago and 1,975 in the first half of 2013.

Facebook, which has more than 30 million users in the UK complied with 78 per cent of requests, up from 72 per cent a year ago.

In the wake of revelations from the whistleblower Edward Snowden, who alleged that the US government had widespread access to personal data held by technology companies, internet giants have taken to publishing regular transparency reports about official information requests.

Twitter said earlier in the year that UK requests had more than doubled in six months. Apple, Google and Microsoft have also seen increases in personal data requests in recent years.

“As we have emphasised before, Facebook does not provide any government with ‘back doors’ or direct access to people’s data,” it said.

“We scrutinize each request we receive for legal sufficiency, whether from an authority in the US, Europe, or elsewhere. If a request appears to be deficient or overly broad, we push back hard and will fight in court, if necessary.

“Over the last two years, we’ve regularly published information about the nature and extent of the requests we receive. To protect people’s information, we will continue to apply a rigorous approach to every government request we receive.

“We’ll also keep working with partners in industry and civil society to push governments around the world to reform surveillance in a way that protects their citizens’ safety and security while respecting their rights and freedoms.”

The UK was by far the biggest requester of Facebook data in the European Union, although France, Italy and Germany also requested thousands of account details.

The US requested 17,557 pieces of information, however, almost half the total. Facebook said total requests had increased by 18 per cent to 41,214.

Last week, Home Secretary Theresa May unveiled proposals for a so-called“Snoopers’ Charter”, the biggest overhaul of surveillance laws in 15 years.

The Investigatory Powers Bill would require tech firms to help decrypt personal communications if required to by warrant. Apple’s chief executive Tim Cook criticised the proposals this week, saying that “opening a backdoor could have dire consequences” for personal security.

Tagged , , , , ,

Facebook to Appeal a Belgian Court’s Ruling on Data Privacy

Facebook intends to appeal a privacy ruling in Belgium that forces the social media giant to stop collecting digital information about people who are not its users.

The ruling, announced late on Monday, is the latest in a number of European data protection cases that have engulfed Facebook, which collects reams of data on individuals’ online activities to power its fast-growing digital advertising business.

Many of the Continent’s data watchdogs, as well as the European Court of Justice, the European Union’s highest court, have also taken a tough line on how American technology companies gain access to, manage and use people’s digital information. The efforts are part of Europe’s strict data protection rules that have enshrined an individual’s privacy as a fundamental right on a par with freedom of expression.

In Monday’s ruling, a court in Brussels said that Facebook could no longer collect and store online information from people in Belgium who do not have an account with the social network. The court said that Facebook did not have individuals’ consent to gather the information.

The company had collected data on people’s online activities — both those of Facebook users and those of people who do not have Facebook accounts — through so-called digital cookies. The cookies, tiny files that attach themselves to users’ computers or smartphones, are embedded on Facebook pages and on those of other companies that have links to the social network though Facebook’s “like” button.

Facebook will face daily fines worth up to $270,000 if it fails to comply with the court’s decision, according to Belgian law.

In response, the company said that it had used cookies for more than five years without facing privacy complaints, and that it would now take its case to the Belgian Court of Appeal. But Facebook also said it would take steps to stop collecting online information about people in Belgium who do not use its site by the end of the week.

“We are working to minimize any disruption to people’s access to Facebook in Belgium,” Sally Aldous, a company spokeswoman, said in a statement.

The case was filed this year by Belgium’s data protection authority, which had balked at changes to Facebook’s terms and conditions that would have given the company greater say over how it collected and used individuals’ online information.

In total, five European privacy regulators — from Belgium, France, Germany, the Netherlands and Spain — are investigating whether the company’s new privacy conditions run afoul of their countries’ domestic data protection rules.

Facebook has fought to limit the impact of those investigations, saying that only the Irish data protection authority has jurisdiction over its new privacy conditions because Facebook’s international headquarters are in Dublin. Roughly 80 percent of Facebook’s 1.4 billion users outside North America are managed through its Irish base.

Despite the company’s efforts to rely on the Irish data protection regulator, though, many of Europe’s privacy watchdogs have sought an increasingly greater say in how digital information about their citizens is handled.

That position became stronger last month after the European Court of Justice gave national authorities greater powers over how companies like Facebook and Google store online data.

The court said that people’s digital information, like social media posts or search histories, could no longer be transferred to the United States under a 15-year-old agreement known as safe harbor. The judges ruled that the United States did not offer sufficient protection for Europeans if their data was misused by companies or by government agencies.

As part of its decision, the court also said that Europe’s national privacy authorities had the right to intervene if they believed their citizens’ data was at risk when companies moved information outside national borders.

And in a sign that regulators are taking advantage of their new powers, the Continent’s data protection authorities have demanded that Europe and the United States agree to a strengthened trans-Atlantic data transfer deal by early next year. If those efforts falter, regulators may start to fine companies that misuse Europeans’ online information. American and European Union officials are trying to negotiate a new pact.

Tagged , ,

Snapchat just reserved the rights to store and use all selfies taken with the device

Think that picture you’re about to send is temporary? Think again

The beauty of Snapchat is that the photos only last for a few seconds, unless your friend decides to screenshot them.

Even then, you get a notification, so can know exactly which photos of you are owned by someone else.

However, now, the app has changed its terms and conditions so it owns every single photo taken using the app.

Not only this, but if you use it, you’re consenting to the app doing whatever it likes with your photographs.

Not only that, but the privacy policy also states that by sharing your content on the service, you are also granting Snapchat permission to use your name, likeness and voice anywhere in the world, with no restrictions, on all media and distribution channels, forever.

This means that the photos people take, thinking they are temporary and private, could appear on Snapchat’s promotional material, on its website or even its social media accounts.

Snapchat has faced controversy before, as it claimed that all the photos sent on the device were automatically deleted from its servers.

This lead to a rise in ‘sexting’, where people would send risque images to one another using the app.

People who did this felt confident that the photos would self-destruct.

However, Snapchat admitted to the FTC that in fact the images are never actually truly deleted from a user’s device, and it is actually possible to recover the images.

The app hasn’t suffered from the scandals, however. It is valued at a reported $16 billion (£10 billion).

Evan Spiegel, the co-founder and chief executive of Snapchat, has spoken about what he thinks the app should be used for.

He said: “Historically photographs have been used to save really important memories, major life moments, but today, with the advent of the mobile phone and the connected camera, pictures are being used for talking.

“Now photographs are really used for talking, that’s why people are taking and sending so many photos on Snapchat.”

Tagged , , , , , , ,

Tor launches anti-censorship Messenger service

A new chat tool has been launched in an effort to improve the security of online messaging.

Tor Messenger allows users to chat over the Tor (The Onion Router) network in a way which hides the location of participants.

It means that the contents of messages will only be visible to the participants.

The service will also work with platforms like Facebook even in countries where they are banned.

The tool is currently in beta and will undergo security tests.

Users wishing to remain anonymous or access chat clients blocked in their own country could use Tor Messenger to chat via services like Facebook Chat, Google Talk, Twitter, Yahoo and Internet Relay Chat.

The program does not communicate via what’s often called the “dark web”, a collection of hidden websites and services, but rather by sending messages across a series of internet relays (or routers) so that their origin cannot be tracked.

These relays are called “bridges”.

Bypassing blocks

“They’re computers run by volunteers and in a censored area your computer will connect to these,” explained Steven Murdoch, a security researcher at University College London who has worked on Tor projects.

“Those services are not publicly listed anywhere – they should not be blocked even if access to the Tor network is blocked.”

In addition, messages may be encrypted to provide additional security. This feature is enabled by default, though both parties in a one-to-one chat would have to have off-the-record encryption (OTR) set up.

This requires the two parties to exchange a secret key which is needed to decode the messages they send to each other.

Interest in privacy

“At the end of the day some people really do need privacy and security so this would be important to them,” commented Jim Killock, executive director of the Open Rights Group.

He also told the BBC that he imagined the tool, once audited, could be used by whistleblowers, individuals wanting to complain about corruption or sources desiring to speak to journalists anonymously about a story.

“I think it shows the worries people have that chats and other clients are being snooped on,” he added.

Dr Murdoch also made the point that while the service was still being tested, it shouldn’t be used by those who have serious security concerns.

“It’s good for people to experiment with but not if you’ve got serious security requirements yet,” he told the BBC.

Tagged , , , , ,

WhatsApp and Facebook signals can be hacked to track your location

Hackers can monitor 4G mobile networks to detect users’ location using supposedly anonymised identifiers

Security researchers have revealed how simply contacting somebody via WhatsApp or Facebook messenger can reveal a smartphone owner’s location by exploiting a security flaw in 4G mobile networks.

A hacker could use the apps to discover the supposedly anonymised identifiers that are assigned to devices when they connect to a network, and use them to locate their owner, according to researchers in Finland and Germany.

When a smartphone connects to a mobile network, it is assigned a temporary number called a TMSI (Temporary Mobile Subscriber Identity). The network then uses this eight-digit number to identify a device, rather than a phone number, to make communication more private.

However, a hacker monitoring radio communications could tie this TMSI to an individual by sending them a Facebook message or WhatsApp chat, both of which trigger a special “paging request” from a network that contains specific location information about a particular TMSI number.

Anybody with a Facebook account can send another user a Facebook message. Unless the two users are friends, this message will end up inFacebook’s “Other” folder, a feature most users do not know about that is only accessible on the social network’s desktop version, but sending a user a message will still trigger a paging request.

Likewise, WhatsApp’s “typing notification” – a feature on the chat app that displays when a contact is composing a message – also triggers the connection. If a hacker has a victim’s phone number, they could send them a message on WhatsApp, and if the victim begins to type a response, the network issues a paging request.

Within these paging requests are location data, that on newer 4G networks can be used to track users’ locations to an area of 2km2.

Older 2G and 3G networks would place a particular smartphone within a given “tracking area” of around 100km2, representing less of a security issue, but modern 4G networks place them in smaller “cells” of around 2km2, making it much easier to pinpoint a smartphone.

This allows network issues to be better understood, but in this case, gives away more data about smartphone users.

Smartphone trackingCells are much more accurate than tracking areas  Photo: Aalto University

It is relatively easy to monitor these signals using easily-available network hardware, according to the researchers from Aalto University, the University of Helsinki, Technische Universitat Berlin and Telekom Innovation Laboratories.

Although TMSIs are supposed to refresh relatively often, in order to protect privacy, they can persist for up to three days, the researchers said.

More aggressive attackers can set up a fake network base station to accurately triangulate users. These stations can request reports from TMSI numbers, typically used in cases of network failure, which can accurately reveal a smartphone’s location. At least one device gave away its GPS co-ordinates after a failure request, the researchers said.

Tagged , , , , , , , , ,

Mark Zuckerberg: net neutrality is a first-world problem

Facebook founder says some net neutrality advocates go too far when they criticise efforts to bring internet to developing countries

Facebook founder Mark Zuckerberg has hit out at net neutrality advocates who claim that zero-rating – the practice of offering access to certain popular online services for free – should be prohibited.

Hosting a townhall Q&A session at the Indian Institute of Technology (IIT) Delhi earlier today, Mr Zuckerberg emphasised Facebook’s support for net neutrality – the principle that all websites should be equally accessible.

He said that Facebook supports regulation that prevents internet service providers from charging users for access to certain content, or from giving their own services an unfair advantage over rival services.

“That’s the kind of thing you can see hurts people, and you want net neutrality regulations in place that are going to prevent that,” he said.

Facebook founder Mark Zuckerberg addresses the Indian Institute of Technology (IIT) Delhi

He also said that the company’s Internet.org initiative – which provides free access to a selection of web services including Facebook, Google Search, Wikipedia, AccuWeather and BBC News via a mobile app – is built on an open platform, with no throttling or filtering.

However, in the case of zero-rating, he said that some people take the principle of net neutrality too far.

“When you have a student who is getting free access to the internet to help do her homework, and she wouldn’t have had access otherwise, who’s getting hurt there? We want that. There should be more of that,” he said.

“If there’s a fisherman in a village who now has some free access to the internet to help sell some of his fish and provide for his family, no one gets hurt by that. And that’s good. We need to get everyone on the internet.”

He added that most of the people that are pushing for net neutrality have access to the internet already.

Facebook founder Mark Zuckerberg addresses the Indian Institute of Technology (IIT) Delhi

“I see these petitions going around about net neutrality and that’s great, we need to mobilise on the internet on this stuff. But the people who are not yet on the internet cannot sign an online petition pushing for increased access to the internet,” he said.

“We all have a moral responsibility to look out for people who do not have the internet and make sure that the rules that benefit us, and make sure that operators can’t do anything that hurts us, don’t get twisted to hurt people that don’t have a voice.”

Mr Zuckerberg’s comments come after the European Parliament voted in favour of a proposal that aims to protect “net neutrality”.

As well as ensuring that internet providers offer a clear explanation of what download and upload speeds customers can expect, the legislation allows them to create “fast lanes” where websites can pay to have their content delivered more quickly.

It also allows zero-rating, which some legal experts and net neutrality advocates warn could allow companies like Facebook to become a monopoly, with other services eating up significantly more of mobile web users’ data allowances.

“Around the world, all the regulations that are put in place are basically honouring this principle – so good net neutrality provisions, blocking things that operators might do that hurt people, but also prioritising things like zero-rating that are necessary for making sure that we can connect everyone to the internet,” said Mr Zuckerberg.

“Just this week the EU released rules on net neutrality and zero rating where again they put in place some net neutrality rules, but were very clear that zero rating and things that provide some free access to the internet are clear to go. They’re going to be regulated separately and are not prohibited by any of the net neutrality regulations.”

Earlier this year, a group of Indian technology and internet companies pulled out of the Internet.org initiative, claiming that it threatened net neutrality.

Travel portal Cleartrip.com and media giant Times Group both announced that they would be withdrawing from the service, citing competition fears, and Times Group also called on other publishers to do the same.

The Internet.org app is currently available in Zambia, Tanzania, Kenya, Ghana, Colombia and parts of India. However, Facebook plans to expand the service, with Mr Zuckerberg promising to make it available wherever people need to be connected.

As well as the app, the Internet.org partnership is also looking at providing internet access in places that are currently unconnected using solar-powered drones, which can beam down laser-guided internet signals from the sky.

Tagged , , , , , , ,

M&S website temporarily suspended after leaking customers’ details

Updated: Around 800 Marks & Spencer customers had their personal details exposed online due to a technical glitch

British retailer Marks & Spencer temporarily suspended its website on Tuesday night, after some customers complained they could see each others’ details when they logged into their own accounts.

Posting on the company’s Facebook page, customers expressed alarm that they could see other people’s orders and payment details when registering for the new members club and card scheme called “Sparks.

“Interesting, I just created an M&S account to register my new Sparks card and out of a sudden I’m logged in to someone else’s account!” wrote Konstantinos Vlassis.

“M&S this is in breach of privacy and data security. I can see personal addresses, past orders and info of another account holder and I assume they can see mine? I can message you screen grabs if you want but this is not good security!”

Fellow customer Vanessa Frost wrote: “There seems to have been a data breach on your M&S website – if I log into my account on there it brings up another person’s details – this is happening to loads of people.”

M&S website

M&S said that the glitch was the result of an internal error rather than a third-party attack on the site, and said no financial data had been extracted. However, personal data, including names, dates of birth, contacts and previous orders were exposed.

The website was taken offline at about 6.30pm and was back on by 9pm.

“We can confirm that around 800 people were affected by a technical issue that led to us temporarily suspending our website yesterday evening,” a spokesperson for Marks & Spencer said.

“We are now writing to every customer affected to apologise and to assure them that their financial details are safe.”

Commenting on the incident, Phil Barnett, VP Global at Good Technology, said that many companies are flying blind when it comes to security, because they don’t think it affects them.

“Marks and Spencer’s proves that customer data breaches are real threats and have serious consequences. Data is a company’s biggest asset, and as mobility becomes more ingrained across every enterprise, security must become a higher priority,” he said.

“When GDPR is implemented in 2016, companies experiencing a data breach could face a fine of two percent of worldwide revenue, so it’s not just going to be some painful interviews and a drop in share price, there’s the potential of big fines for every business.”

Last week British telecoms firm TalkTalk suffered a major cyber attack, which potentially compromised the data of more than four million customers. A 15-year-old schoolboy has been arrested in connection with the incident.

Tagged , , , , ,

Is the NSA trying to warn us that cryptography is dead?

Back in August, the NSA released an updated advisory that was at once interesting and expected: It said that the world had to prepare for the oncoming impact of quantum computers, and the possibility that these devices could render existing computer cryptography almost completely obsolete. They called for the cryptographic community to invest heavily in developing so-called post-quantum cryptographic solutions that could survive this hypothetical watershed invention. And, as you might imagine, this advisory has very nearly driven the internet insane. Now, two security researchers have published a paper compiling all the various theories surrounding this advisory, and trying to make sense of the situation.

Remember that quantum computers have obsessed internet weirdos for as long as the concept has existed. Try really looking into the Deep Web sometime, and you’ll quickly come up against the idea of a quantum deep web, a deep deep deep web, that can only be accessed by/through Illuminati-style quantum networks that, of course, don’t actually exist. Much of this lore is simply gleeful trolling by people who love to mislead noobs, but don’t kid yourself — many of the most entrenched People Of The Internet really do believe this crap.

NSA logoSo, unsurprisingly, now they believe this crap. The biggest issue springs for a single passage (emphasis mine):

For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition.

The reason this has surprised so many people is that the NSA has been a long-time supporter of several of what we might call pre-quantum cryptographic solutions, new and highly advanced algorithms that shore up problems with current solutions, but which would probably not be secure in the event of real quantum computing. In particular, NSA has been a booster of Elliptical Curve Cryptography (ECC), which makes this back-pedaling announcement a bit confusing. They’re now saying that this ECC is a stopgap solution waiting to be made obsolete by quantum research — but that’s what it’s always been, so what’s changed?

DWave's (alleged) quantum computing chip.

However, while it’s certainly possible that NSA has a secret, super-successful quantum computer behind closed doors, that looks very unlikely at this point. Not only does NSA seem to lack the sheer volume of pure-science research talent that would be necessary to compete with the major, openly admitted research bodies, but the Edward Snowden leaks revealed absolutely no indication that NSA has or soon expects to have access to post-quantum capabilities.

And so, those viewing the situation have slid down to a possible explanation that’s at once more and less realistic: a conventional computer algorithm that can break modern computer encryption through sheer mathematical efficiency. This is more realistic, since it could theoretically come from the mind of just a single brilliant analyst, and thus it could come from the NSA, out of the blue and with no help from the private sector. On the other hand, conventional wisdom in cryptography says that such a classical code-breaking system is impossible, with a digital computer.

The fact is that “NSA Has Quantum!” is a bit like the tech-world’s equivalent of “Half Life 3 Confirmed” — it’s basically a joke at this point, but beneath the sarcasm lies an understanding that the cliche does have to come true eventually, even if not for a very, very long time. That’s why both memes have been so long-lived: Quantum computers seem like they will come into existence at some point, so no matter how many times they cry (or hint) wolf, you’ve still got to be wary — every single time.

Tagged , , , , , , , , ,

People are upset that Facebook and Google sponsored a privacy event

Google and Facebook have come under fire before for their targeted advertising, which is based on information some people think should be private

If you use Facebook or Google, you are essentially consenting to them knowing your likes, dislikes and even, sometimes, sexuality.

We’ve all been mildly creeped out when we get an advert on the side of our screen that seems to know a piece of private information about us.

Because the companies haven’t always been that clear and transparent about exactly what they know about us and which parts of our data they’re using for targeted advertising, people were surprised to see that they were “diamond sponsors” for an event on privacy hosted by the University of Amsterdam.

Some people have gone even further and said that the way in which the sites build up profiles of us using our information is a form of corporate surveillance.

Technology writer Sidney Vollmer said: “It is an oft cited example of the asymmetrical nature of the problem of civil rights in the digital age: Mark Zuckerberg asks us for as much data as he can, yet, for thirty million dollars, buys all the houses around his own in Palo Alto to get more privacy.

“By having Facebook as your diamond sponsor you offer Facebook a diamond chance at rehabilitation and respectability.

“It is either a sign of my lack of creativity or a sign of your organization’s faulty practice in this matter that I can not think of a worse sponsor for your much, much needed event on privacy.”

Privacy advocate Aral Balkan told Motherboard: “We would not be having this discussion if Marlboro was sponsoring a conference on lung cancer,

“They just wouldn’t be allowed to. Because it is clearly a ridiculous conflict of interest.

“The only reason we are even having this conversation is because we still don’t understand that Facebook and Google are to privacy what smoking is to lung cancer,”

“Corporations like Facebook and Google are in the business of people farming,

“The value they create is directly linked to the amount of information they have about you… So the one thing they cannot do is to compete on privacy. They can only compete on the illusion of privacy. And that’s the narrative that they are spending heavily to create.”

Facebook came under fire earlier this year, when 25,000 people arguedthat the company illegally collected users’ data.

The €500 (£354) being sought by each claimant means Facebook would be saddled with a €12.5m bill and a major reputational blow should the case, led by the Austrian law student Max Schrems, be successful.

Mr Schrems alleges that Facebook illegally tracked users’ browsing habits via software installed on other web pages, and participated in “Prism”, the American spy programme, among other violations.

The entire country of Belgium also tried to take Facebook to court for breaking EU rules on data collection and privacy.

Tagged , ,