CCleaner Is Silently Updating Users Who Turned Off Automatic Updates

Java Jive, posted to alt.windows7.general, September 20th 18, 06:42 PM

On 20/09/2018 04:28, VanguardLH wrote:
> Mayayana wrote:
>
>> Only if they're spying. There's no reason for software
>> authors to be collecting personal info in the first place.
>
> Many users consider metrics measurement as spying despite that it
> doesn't necessarily identify the user. For example, they're afraid a
> site will get their IP address (but then EVERY endpoint must know your
> IP address to know where to handshake and send back the requested
> content). Since the IP address could be collected is why users get
> afraid that their identity is surrendered. If you had someone's IP
> address, can you tell what is their name, sex, age, religion, political
> affiliations, economic status, marital status, and so on? Nope, just
> something like a 50+ radius circle for their geolocation.


Not necessarily even that - as the crow flies, I'm about 500 miles
away from where my IP comes out into the world, which is further than
the nearest capital of a neighbouring country. However, it does
identify a particular user from a particular ISP at a particular moment
in time, and this can be used with other metadata to identify particular
individuals over longer periods of time.

> Does the GDPR apply to web browsers? If not then those clients don't
> need to alert their users that geolocation is enabled. In Firefox, you
> have to dig into about:config to disable geolocation. There have been
> many programs that send metrics on their use (crash reports, run-time,
> etc). Avast is one. There are many others. Yes, users can disable
> that "feature" but how many users actually delve into a program's
> settings?


You're missing the point. Users have the democratic *choice* of
configuring most such programs not to phone home. GDPR is about giving
users similar choices about the information collected from them on the web.

> Is collecting your IP address considered "personally
> identifying information" when it merely lumps you in with everyone else
> in a 50-mile radius? Is repeated capture of your IP address considered
> personally identifying you?


Combined with other metadata, it could be.

>> Of course they're spying. They say so themselves.
>> They want me to agree to being tracked for the
>> purposes of targeted ads. Here's their quote:
>>
>> "By choosing "I agree" below, you agree that NPR's sites use cookies,
>> similar tracking and storage technologies, and information about the device
>> you use to access our sites to enhance your viewing, listening and user
>> experience, personalize content, personalize messages from NPR's sponsors,
>> provide social media features, and analyze NPR's traffic. This information
>> is shared with social media services, sponsorship, analytics and other
>> third-party service providers."
>
> Cookies are used for re-login.


Not necessarily. Potentially, within limits concerning the number of
cookies and their maximum individual size which differ across browsers,
they can hold any textual information a website programmer wants them to
hold.

> DOM Storage is local data
> similar to cookies but to hold more information about your visit and
> current state at a site to be reused later. You are not forced to let
> them store your user data in a local cache.


Agreed.

> If you configure your web
> browser regarding privacy, they cannot detect your return.


Much less certain, see below ...

> So whose
> responsibility is it to comply with GDPR? The site for using features
> in your web browser or the author of the web browser for defaulting to
> enabling those features?


Certainly morally both, but legally probably the site, because ...

> This is getting akin to the argument "Who is
> responsible for someone getting shot? The gun maker, the gun shop that
> sold the gun, or the person that used the gun?"


Again, morally all of them, but obviously primarily the person that did
the shooting. Legally, the person doing the shooting, but the other two
may be guilty of criminal behaviour as well, depending on the circumstances.

> Even if
> sites didn't create EU versus non-EU versions of their sites, they
> could infuriate EU citizens by prompting them to okay each condition of
> their TOS or privacy policy. And, of course, denying any of their
> conditions could have them just say "Goodbye. We respect your privacy
> restrictions."


They'd lose business, not just from EU citizens, but also because
Americans visiting the EU would get mad at them.

> If users are currently ignorant of how to configure their web browser
> regarding their privacy, you really think they'll understand a barrage
> of prompts querying on each point in a privacy policy or read it should
> there be an obvious link on the home page? How many users read the EULA
> that comes with software?


Again, they have the democratic *choice* to do so if they wish.
However, of course, the EULA is designed to protect the company's
interests, not the End User's.

>> There's also a link to further details:
>>
>> https://text.npr.org/s.php?sId=609131973#cookiepolicy
>
> None of which qualifies as *personally identifying information*.
> IP address: etc


Again, you are missing the point. While none of these pieces of
information ON ITS OWN seems to identify very much, taken together with
other metadata that can be gathered, they can reveal an astonishing
amount, often being able to identify a particular individual.

https://panopticlick.eff.org/

Clicking 'Test Me' gives me ...

Test Result
Is your browser blocking tracking ads? ✗ no
Is your browser blocking invisible trackers? ✗ no
Does your browser unblock 3rd parties that promise to honor Do Not
Track? ✗ no
Does your browser protect from fingerprinting? ✗
your browser has a unique fingerprint

Note particularly that last result. It seems I am easily tracked.
The details of that result are appended for those who are interested.

If you were a UK resident, I'd recommend you to listen to a recent
episode of BBC Inside Science via the BBC iPlayer, but I'm not sure
whether even radio downloads are available outside the UK. Throughout
the summer they have been showcasing the short list for the Royal
Society Book Prize. One of the candidates is a book by mathematician Dr
Hannah Fry called "Hello World!" about the modern use of computer
algorithms. In this clip she explains how disparate pieces of
information, each apparently insignificant on its own, are pieced
together to be able to draw surprising conclusions. Perhaps the best
example she gives is that if you have a store loyalty card, are female,
and buy vitamin pills and unscented body lotion, they can work out that
you're pregnant, and send you offers for nappies, etc:

https://www.bbc.co.uk/radio/play/b0bgw30j 19:02 minutes in

Alternatively, a little longer ago she was a guest panelist on The
Infinite Monkey Cage, where she expounded on this story in greater
detail, including that it was an American store called 'Target' and that
in 2012 a father of a teenage daughter had actually gone to his local
store in Minneapolis to complain about her being sent these coupons as
it seemed to be 'normalising' teenage pregnancy, but by the time the
store rang him at home to apologise, his daughter had admitted to him
that she was indeed pregnant.

https://www.bbc.co.uk/programmes/b0b9wbf8 7:38 minutes in

Much of the following needs updating, but nevertheless it's still quite
a good canter around some of the individual threats, but the real danger
is how the small, apparently insignificant, pieces of information get
combined.

https://en.wikipedia.org/wiki/Internet_privacy

Cookies:
"The original developers of cookies intended that only the website that
originally distributed cookies to users could retrieve them, therefore
returning only data already possessed by the website. However, in
practice programmers can circumvent this restriction. Possible
consequences include:
* the placing of a personally-identifiable tag in a browser to
facilitate web profiling (see below)
* use of cross-site scripting or other techniques to steal
information from a user's cookies.
[...] one of the most common ways of theft is hackers taking one's
username and password that a cookie saves. While a lot of sites are
free, they have to make a profit somehow so they sell their space to
advertisers. These ads, which are personalized to one's likes, can often
freeze one's computer or cause annoyance. Cookies are mostly harmless
except for third-party cookies.[23] These cookies are not made by the
website itself, but by web banner advertising companies. These
third-party cookies are so dangerous because they take the same
information that regular cookies do, such as browsing habits and
frequently visited websites, but then they give out this information to
other companies."

Photographs on the Internet
"Face recognition technology can be used to gain access to a person's
private data, according to a new study. Researchers at Carnegie Mellon
University combined image scanning, cloud computing and public profiles
from social network sites to identify individuals in the offline world.
Data captured even included a user's social security number.[45] Experts
have warned of the privacy risks faced by the increased merging of our
online and offline identities. The researchers have also developed an
'augmented reality' mobile app that can display personal data over a
person's image captured on a smartphone screen.[46] Since these
technologies are widely available, our future identities may become
exposed to anyone with a smartphone and an Internet connection.
Researchers believe this could force us to reconsider our future
attitudes to privacy."

Google Street View
"In one instance, Ruedi Noser, a Swiss politician, barely avoided
public scandal when he was photographed in 2009 on Google Street View
walking with a woman who was not his wife – the woman was actually his
secretary"

and so on. Also ...

https://www.bleepingcomputer.com/new...n-the-same-pc/

https://www.chromium.org/Home/chromi...ion-mechanisms

https://pet-portal.eu/files/articles...erprinting.pdf


Here are the detailed findings ...

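Browser Characteristic | bits of identifying information | one in x browsers have this value | value

Limited supercookie test
  bits of identifying information: 0.37
  one in x browsers have this value: 1.29
  value: DOM localStorage: Yes, DOM sessionStorage: Yes, IE userData: No

Hash of canvas fingerprint
  bits of identifying information: 20.05
  one in x browsers have this value: 1088160.0
  value: de7fbe2badf5c8a7fff29615325949c3

Screen Size and Color Depth
  bits of identifying information: 2.85
  one in x browsers have this value: 7.2
  value: 1366x768x24

Browser Plugin Details
  bits of identifying information: 21.05
  one in x browsers have this value: 2176320.0
  value: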
Plugin 0: Java Deployment Toolkit 8.0.1410.15; NPRuntime Script Plug-in
Library for Java(TM) Deploy; npdeployJava1.dll; (;
application/java-deployment-toolkit; ). Plugin 1: Java(TM) Platform SE 8
U141; Next Generation Java Plug-in 11.141.2 for Mozilla browsers;
npjp2.dll; (Java Applet; application/x-java-applet; ) (JavaBeans;
application/x-java-bean; ) (; application/x-java-vm; ) (;
application/x-java-applet;version=1.1.1; ) (;
application/x-java-bean;version=1.1.1; ) (;
application/x-java-applet;version=1.1; ) (;
application/x-java-bean;version=1.1; ) (;
application/x-java-applet;version=1.2; ) (;
application/x-java-bean;version=1.2; ) (;
application/x-java-applet;version=1.1.3; ) (;
application/x-java-bean;version=1.1.3; ) (;
application/x-java-applet;version=1.1.2; ) (;
application/x-java-bean;version=1.1.2; ) (;
application/x-java-applet;version=1.3; ) (;
application/x-java-bean;version=1.3; ) (;
application/x-java-applet;version=1.2.2; ) (;
application/x-java-bean;version=1.2.2; ) (;
application/x-java-applet;version=1.2.1; ) (;
application/x-java-bean;version=1.2.1; ) (;
application/x-java-applet;version=1.3.1; ) (;
application/x-java-bean;version=1.3.1; ) (;
application/x-java-applet;version=1.4; ) (;
application/x-java-bean;version=1.4; ) (;
application/x-java-applet;version=1.4.1; ) (;
application/x-java-bean;version=1.4.1; ) (;
application/x-java-applet;version=1.4.2; ) (;
application/x-java-bean;version=1.4.2; ) (;
application/x-java-applet;version=1.5; ) (;
application/x-java-bean;version=1.5; ) (;
application/x-java-applet;version=1.6; ) (;
application/x-java-bean;version=1.6; ) (;
application/x-java-applet;version=1.7; ) (;
application/x-java-bean;version=1.7; ) (;
application/x-java-applet;version=1.8; ) (;
application/x-java-bean;version=1.8; ) (;
application/x-java-applet;jpi-version=1.8.0_141; ) (;
application/x-java-bean;jpi-version=1.8.0_141; ) (;
application/x-java-vm-npruntime; ) (;
application/x-java-applet;deploy=11.141.2; ) (;
application/x-java-applet;javafx=8.0.141; ). Plugin 2: PDF-XChange
Viewer; PDF-XChange Viewer Netscape Gecko Plugin;
npPDFXCviewNPPlugin.dll; (Portable Document Format; application/pdf;
pdf). Plugin 3: Shockwave Flash; Shockwave Flash 31.0 r0;
NPSWF64_31_0_0_108.dll; (Adobe Flash movie;
application/x-shockwave-flash; swf) (FutureSplash movie;
application/futuresplash; spl).
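
Time Zone
  bits of identifying information: 3.1
  one in x browsers have this value: 8.59
  value: -60

DNT Header Enabled?
  bits of identifying information: 0.84
  one in x browsers have this value: 1.79
  value: True

HTTP_ACCEPT Headers
  bits of identifying information: 16.1
  one in x browsers have this value: 70203.87
  value: text/html, */*; q=0.01 gzip, deflate, br en-GB,en;q=0.7,fr;q=0.3

Hash of WebGL fingerprint
  bits of identifying information: 12.08
  one in x browsers have this value: 4335.3
  value: 83663cdc2084dc0bace5dcbde258572b

Language
  bits of identifying information: 4.15
  one in x browsers have this value: 17.72
  value: en-GB

System Fonts
  bits of identifying information: 16.88
  one in x browsers have this value: 120906.67
  value: Arial, Arial Unicode MS, Book Antiqua, Bookman Old Style, Calibri,
  Cambria, Cambria Math, Century, Comic Sans MS, Consolas, Courier,
  Courier New, Garamond, Georgia, Helvetica, Impact, Lucida Console,
  Lucida Sans Unicode, Microsoft Sans Serif, Monotype Corsiva, MS Gothic,
  MS Outlook, MS PGothic, MS Reference Sans Serif, MS Sans Serif, MS
  Serif, Palatino Linotype, Segoe Print, Segoe Script, Segoe UI, Segoe UI
  Symbol, Tahoma, Times, Times New Roman, Trebuchet MS, Verdana,
  Wingdings, Wingdings 2, Wingdings 3 (via javascript)

Platform
  bits of identifying information: 3.0
  one in x browsers have this value: 8.02
  value: Win64

User Agent
  bits of identifying information: 15.63
  one in x browsers have this value: 50612.09
  value: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:52.9) Gecko/20100101
  Goanna/3.4 Firefox/52.9 PaleMoon/27.9.0

Touch Support
  bits of identifying information: 0.59
  one in x browsers have this value: 1.51
  value: Max touchpoints: 0; TouchEvent supported: false; onTouchStart
  supported: false

Are Cookies Enabled?
  bits of identifying information: 0.22
  one in x browsers have this value: 1.17
  value: Yes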
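
An added illustration, not part of Java Jive's post: the "bits" column in the result above is log2 of the "one in x" column, and this sketch adds attributes until the total reaches the bits needed to single out one browser. The population of 4 billion browsers, the function names and the SCRIPT_PROBED grouping are assumptions made for the example.

```python
import math

# "one in x browsers have this value", copied from the Panopticlick
# result appended to the post above.
ONE_IN_X = {
    "Limited supercookie test": 1.29, "Hash of canvas fingerprint": 1088160.0,
    "Screen Size and Color Depth": 7.2, "Browser Plugin Details": 2176320.0,
    "Time Zone": 8.59, "DNT Header Enabled?": 1.79,
    "HTTP_ACCEPT Headers": 70203.87, "Hash of WebGL fingerprint": 4335.3,
    "Language": 17.72, "System Fonts": 120906.67,
    "Platform": 8.02, "User Agent": 50612.09,
    "Touch Support": 1.51, "Are Cookies Enabled?": 1.17,
}

POPULATION = 4e9  # assumption for illustration, not a figure from the post

# Attributes a site reads by running script (caller's choice of grouping).
SCRIPT_PROBED = ("Hash of canvas fingerprint", "Hash of WebGL fingerprint",
                 "System Fonts", "Browser Plugin Details")

def surprisal_bits(one_in_x):
    """Bits of identifying information in a value shared by 1 in x browsers."""
    return math.log2(one_in_x)

def attributes_needed(table, population=POPULATION, exclude=()):
    """Add attributes, most identifying first, until their combined bits
    reach log2(population), enough to single out one browser.
    Summing assumes independent attributes, so the total is an upper
    bound: correlated attributes contribute less than their sum."""
    needed = math.log2(population)
    ranked = sorted(
        ((name, x) for name, x in table.items() if name not in exclude),
        key=lambda item: item[1], reverse=True)
    chosen, total = [], 0.0
    for name, x in ranked:
        chosen.append(name)
        total += surprisal_bits(x)
        if total >= needed:
            break
    return chosen, total, needed

if __name__ == "__main__":
    for label, skip in (("all attributes", ()),
                        ("script probes excluded", SCRIPT_PROBED)):
        chosen, total, needed = attributes_needed(ONE_IN_X, exclude=skip)
        print(f"{label}: {total:.2f} of {needed:.2f} bits from {chosen}")
```

With the figures from the post, two attributes already exceed the threshold, and with the script-probed ones excluded the remaining three come from values such as the Accept headers, user agent and language.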
