Security News

DuckDuckGo is rolling out an email privacy feature that strips incoming messages of trackers that can help profile you for better profiling and ad targeting. Currently in private beta, DuckDuckGo's Email Protection service aims at shielding you from hidden trackers that are often embedded in emails from various companies.

Mozilla this week pushed Firefox 90 to the stable channel with several security improvements, including better protections against cross-origin threats and an advanced tracker blocking mechanism. The open-source browser refresh is currently rolling out with support for Fetch Metadata Request Headers, which means that web applications can better protect users against cross-site request forgery, cross-site leaks, and speculative cross-site execution side channel attacks.

Mozilla has introduced SmartBlock 2.0, the next version of its intelligent cross-site tracking blocking tech, with the release of Firefox 90. The SmartBlock mechanism, introduced with Firefox 87 in March, works to ensure that the Tracking Protection feature and Strict Mode will not break websites when blocking tracking scripts.

The fascinating tale of a bug that's baked into Apple's latest chip. Why the Aussie data breach warning site HIBP is partnering with the FBI. A coronavirus tracking toolkit that fell foul of privacy rules.

You've probably assumed, or at least hoped, when you've handed over data during the pandemic "For the greater good of all", that the company collecting it would treat it with more than the usual amount of care. The ICO noted that immediately below the abovementioned consent checkbox was wording that said, "To comply with Government Guidance during the Covid-19 pandemic, we are collecting your name and contact details. We will store these for 21 days only before deleting them in line with GDPR regulations. Your details will not be shared with any other company or organisation."

CNAME tracking is a way to configure DNS records to erase the distinction between code and assets from a publisher's domain and tracking scripts on that site that call a server on an advertiser's domain. As privacy barriers have gone up to prevent marketers from gathering data from web users, CNAME manipulation has become more popular.

With browser makers steadily clamping down on third-party tracking, advertising technology companies are increasingly embracing a DNS technique to evade such defenses, thereby posing a threat to web security and privacy. In other words, CNAME cloaking makes tracking code look like it's first-party when in fact, it is not, with the resource resolving through a CNAME that differs from that of the first party domain.

A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. German infosec bod Mike Kuketz spotted LastPass's trackers in analysis produced by Exodus, which describes itself as "a non-profit organization led by hacktivists [whose] purpose is to help people get a better understanding of the Android applications tracking issues."

A security researcher has recommended against using the LastPass password manager Android app after noting seven embedded trackers. German infosec bod Mike Kuketz spotted LastPass's trackers in analysis produced by Exodus, which describes itself as "a non-profit organization led by hacktivists [whose] purpose is to help people get a better understanding of the Android applications tracking issues."

Learn how to use Apple's Privacy Report in Safari so you can see which websites attempted to track you on your iPhone or iPad. Cross-site trackers operate by tracking you as you surf from one website to another. By default, the mobile version of Safari on your iPhone and iPad tries to prevent cross-site trackers from following you.