In a short time, the Swedish electric scooter company Voi has attracted hundreds of thousands of customers. But now a Voi leak has been revealed. Personal data on hundreds of thousands of Voi's customers has been openly accessible online, according to the German media company Bayerischer Rundfunk. Several Swedes are among those affected.
At least 75 companies receive people’s precise location data from hundreds of apps whose users enable location services for benefits such as weather alerts, The New York Times found. The companies use, store or sell the information to help advertisers, investment firms and others.
“The big tech companies are taking advantage of you by selling your data. We won’t.” In effect, it’s an anti-sales sales pitch. DuckDuckGo is perhaps the most prominent in a number of small but rapidly growing firms attempting to make it big — or at least sustainable — by putting their customers’ privacy and security first.
In 2011 security researcher Steven Myer demonstrated that an eight-character (53-bit) password could be brute forced in 44 days, or in 14 seconds if you use a GPU and rainbow tables – pre-computed tables for reversing hash functions.
When security researcher Troy Hunt examined the minimum password lengths at various websites last year, he found that while Google, Microsoft and Yahoo set the bar at eight, Facebook, LinkedIn and Twitter only required six.
Tinker said the eight-character password was used as a benchmark because it’s what many organizations recommend as the minimum password length and many corporate IT policies reflect that guidance.
“Because we’ve pushed the idea of using complexity (upper case letters, lower case, numbers, and symbols), it’s hard for users to remember individual passwords,” Tinker said. “This does, among other things, cause users to pick the minimum length allowed, so that they can remember their complex password. As such, a large percentage of users choose the minimum requirements of eight characters.”
So how long is long enough to sleep soundly until the next technical advance changes everything? Tinker recommends a random five-word passphrase, something along the lines of the four-word example popularized by online comic XKCD, “correcthorsebatterystaple.”
When we’re talking about things that impact personal safety, it’s crucial to think about the specific, realistic threats that we (or our families) face. In this blog, I’m going to talk about ways that consumer IoT and Smart Home systems can be abused to cause risk to safety and privacy. If your number one concern for your safety is a casual criminal breaking your lock and stealing your TV, and the loss of your activity data isn’t something that substantially impacts or bothers you, you might decide that a flawed Smart Home system is an acceptable risk (or even a net benefit).
Location information can reveal some of the most intimate details of a person’s life – whether you’ve visited a psychiatrist, whether you went to an A.A. meeting, who you might date. It’s not right to have consumers kept in the dark about how their data is sold and shared and then leave them unable to do anything about it.