Via Slashdot and contributor slincolne [the link is behind a paywall]: “The founder of the data-breach notification site Have I Been Pwned manages “the largest known repository of stolen data on the planet,” reports Australia’s public broadcaster ABC, including over 6 billion email address. Yet with no employees, Troy Hunt manages all of the technical and operational aspects single-handedly, and “has ended up playing an oddly central role in global cybersecurity.” Troy is very careful with how he handles what he finds. He only collects (and encrypts) the mobile numbers, emails and passwords that he finds in the breaches, discarding the victims’ names, physical addresses, bank details and other sensitive information. The idea is to let users find out where their data has been leaked from, but without exposing them to further risk. Once he identifies where a data breach has occurred, Troy also contacts the organisation responsible to allow it to inform its users before he does. This, he says, is often the hardest step of the process because he has to convince them it’s legitimate and not some kind of scam itself. He’s not required to give organisations this opportunity, much less persist when they ignore his messages or accuse him of trying to shake them down for money. But there’s evidence that this approach is working. Despite the legal grey area he has operated in for a decade now, he’s avoided being sued by any of the organisations responsible for the 705 breaches that are now searchable on Have I Been Pwned. These days, major tech companies like Mozilla and 1Password use Have I Been Pwned, and Troy likes to point out that dozens of national governments and law enforcement agencies also partner with his service… “He’s not a company that’s audited. He’s just a dude on the web,” says Jane Andrew, an expert on data breaches at the University of Sydney. “I think it’s so shocking that this is where we find out information about ourselves. She says governments and law enforcement have, in general, left it to individuals to deal with the fallout from data breaches… Without an effective global regulator, Professor Andrew says, a crucial part of the world’s cybersecurity infrastructure is left to rely on the goodwill of this one man on the Gold Coast.”
Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002
Category Archives: Privacy
The Man Who Trapped Us in Databases
The New York Times [read free]- “Hank Asher was a drug smuggler with a head for numbers — until he figured out how to turn Americans’ private information into a big business. One of Asher’s innovations — or more precisely one of his companies’ innovations — was what is now known as the LexID. My… Continue Reading
Your Face Belongs to Us: A Conversation with Kashmir Hill
Tech Policy Press: “In 2019, journalist Kashmir Hill had just joined The New York Times when she got a tip about the existence of a company called Clearview AI that claimed it could identify almost anyone with a photo. But the company was hard to contact, and people who knew about it didn’t want to… Continue Reading
Pete Recommends – Weekly highlights on cyber security issues, September 23, 2023
Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, September 23, 2023 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the… Continue Reading
What Big Tech Knows About Your Body
The Atlantic [free to read]: “..We leave digital traces about our health everywhere we go: by completing forms like BetterHelp’s. By requesting a prescription refill online. By clicking on a link. By asking a search engine about dosages or directions to a clinic or pain in chest dying???? By shopping, online or off. By participating… Continue Reading
How to Delete Private Browsing History and Protect Your Privacy
MakeUseOf: “Most people use the incognito browsing mode when they want to keep their browsing history private. But did you know that incognito mode isn’t actually private? When using incognito mode in your web browser, you may think that your activities are completely anonymous and untraceable. Unfortunately, this is not always the case. Your Internet… Continue Reading
New Privacy Badger Prevents Google From Mangling More of Your Links and Invading Your Privacy
EFF: “We released a new version of Privacy Badger that updates how we fight “link tracking” across a number of Google products. With this update Privacy Badger removes tracking from links in Google Docs, Gmail, Google Maps, and Google Images results. Privacy Badger now also removes tracking from links added after scrolling through Google Search… Continue Reading
UK Guide on the use of Generative AI
UK Gov: Guide on the use of Generative AI – “Overview – Generative artificial intelligence (AI) tools offer many potential benefits to Government of Canada (GC) institutions. Federal institutions should explore potential uses of generative AI tools for supporting and improving their operations. However, because these tools are evolving, they should not be used in… Continue Reading
Exploring Congress’ Framework for The Future of AI
“U.S. Senator Bill Cassidy (R-LA), ranking member of the Senate Health, Education, Labor, and Pensions (HELP) Committee, released a white paper – Exploring Congress’ Framework for The Future of AI – on artificial intelligence (AI) and the technology’s potential benefits and risks to society. Additionally, Cassidy requested feedback from stakeholders on the role of government… Continue Reading
Pete Recommends – Weekly highlights on cyber security issues, September 16, 2023
Via LLRX – Pete Recommends – Weekly highlights on cyber security issues, September 16, 2023 – Privacy and cybersecurity issues impact every aspect of our lives – home, work, travel, education, finance, health and medical records – to name but a few. On a weekly basis Pete Weiss highlights articles and information that focus on the increasingly… Continue Reading
You Should Worry About the Data Retailers Collect About You
The Atlantic [free to read]: “…Smartphones gave stores even more refined information about their customers, facilitating new kinds of in-store spying that most people probably don’t even know exists. Mousetrap-size radio transmitters called beacons ping off apps on your phone and can track your location down to the inch inside a store, giving retailers granular… Continue Reading
How to finally ditch Chrome and move all your data and bookmarks to another browser
PopSci: “The latest version of Google Chrome introduced new settings that have raised privacy concerns. Google says these tools “give you more choice over the ads you see,” which sounds nice. But it’s also a jargony way to say the browser will track your web surfing and share some of your data with advertisers so… Continue Reading
