8. Remember Gator Corporation? [1998-2008]
! “The leader in online behavioral marketing”
! 2003: installed on 35 million PCs
! Spyware? I will send you my lawyers
! Report behavior, replace Ads
! Top management: most in
the online Ads industry now
PAGE 8 |
9. Regulation?
Better protections. Consumers Union, the advocacy arm of
Consumer Reports, wants a national privacy law that holds all
companies to the same privacy standards and lets consumers
tell companies not to track them online
PAGE 9 | 1 2 3 4 5 6
11. Business is business
In November, regulators in Germany found that such
information was being collected on Facebook users for up
to two years even after they deactivated their accounts.
Facebook said that was needed to enhance security, a
claim German regulators rejected. Both sides say they are
willing to talk, but Facebook’s website says it doesn’t share
such data without your permission and deletes it or makes
the information anonymous within 90 days.
PAGE 11 | 1 2 3 4 5 6
12. ! Google Privacy Policy
• Information you give to us
• Information we get form your use of our services
• Device information (HW model, OS, UDI, Phone number)
• Log information
– search queries
– phone number, forwarding numbers, time and date of calls, duration
of calls
– IP
– Device info (system activity, browser language, date and time of your
request and referral URL)
– Cookies
• Location (GPS, WIFI Aps, cell towers)
• Applications
Source: www.google.com/policies/privacy
PAGE 12 | 1 2 3 4 5 6
22. Analyzing World´s top traffic (I)
! The experiment
• Browsed top 100 sites country by country according to Alexa
• Sniffed all the traffic
• Set up a database of tracking sites (around 1500 domains)
PAGE 22 | 1 2 3 4 5 6
23. Analyzing World´s top traffic (II)
! Countries with most requests to tracking domains
36
World avg. 24,58%
35
34
33
32
31
30
29
28
GB QA YE NP US AU PK SD AL CA
PAGE 23 | 1 2 3 4 5 6
26. Analyzing World´s top traffic (III)
! Top 100 domains WITHOUT references to tracking sites (country
by country avg):
49,96%
! Why so low?
! Let´s take top 10 sites instead of top 100
! References to tracking sites:
92,32%
! Top 100 world sites: 89% tracking (source: digitaltrends.com)
PAGE 26 | 1 2 3 4 5 6
27. Analyzing World´s top traffic (III)
! Top 100 domains WITHOUT references to tracking sites (country
by country avg):
49,96%
! Why so low?
! Let´s take top 10 sites instead of top 100
! References to tracking sites:
92,32%
! Top 100 world sites: 89% tracking (source: digitaltrends.com)
PAGE 27 | 1 2 3 4 5 6
35. Conclusions
• Recipe for the disaster: tons of money, low regulation,
relaxed self regulation
• Privacy vs business objectives
• User´s awareness raising: who is offering them solutions?
We did help with Gator in the past.
The difference? They installed unwanted software.
However it was the same goal using different means.
In 2012 is not about protecting the device, but protecting the user.
PAGE 35 | 1 2 3 4 5 6
36. Thank you!
I´m not a number, I´m a free man
Vicente Diaz, Senior Security Analyst
@trompi
Virus Bulletin 2012
PAGE 36 |