The Cocoon Blog
The Internet as it should be: private, secure and virus free

by Brian J. Fox, Co-founder & CTO, Cocoon

I remember clearly the first time I overheard someone say the word “e-mail” in a restaurant. I jumped up from my chair, and strode over to the table where the 30-something man was sitting, and said, “Hi, I’m bfox. We’ve met before, right?” At that time (1981), there were only about 500 e-mail servers on the ARPANet, and the odds were extremely high that one user of the network would have exchanged information with another.

Times have changed, and I’m fully aware that I don’t know everyone who uses e-mail. But I do know that I can communicate, collaborate, and exchange ideas with large numbers of people that I’ve never met physically. For me, it is the natural way that the world should be for us humans — using technology to bring us closer together.

In many ways, the Internet has finally evolved to a place where it is having just the type of transformational affect that we early e-mailers dreamed it might. The “Twitter Revolution” in Iran, the clean democratic elections in Egypt following their revolution that ousted Mubarak, the overthrow of Gaddafi in Libya, Occupy Wall Street, and even the 6 million people who took to the streets earlier this month in Syria — all were aided by the technological advances that have decentralized the flow of information. Who would have dreamed a hashtag would transform journalism, empowering individuals to report the news in real time?

In Iran, officials spent as much time online shutting down portals as they did in the streets policing protesters. Libya was forced to turn off its Internet access in order to stem the flow of truth and ideas.

And now, just as the world is reshaping itself through the availability of information and flexible communication, there are direct attacks on the technology infrastructure that is shaking up political structures. The poorly named Stop Online Piracy Act (SOPA) has serious implications for the use of free speech on the Internet, and there has been a viral revolt against companies and interests that support it. GoDaddy.com got slapped hard with an overnight boycott of its web hosting services when it declared its support of the bill, and reacted by recanting its statement of support.

It is the under the radar attacks that have the potential to wreak the most havoc on the fulfillment of the real promise of our Internet. In my current work, my job is to protect the online privacy of consumers. Advertisers are working hard to develop intricate consumer profiles of every individual — to know who you are, where you are and what you are browsing and buying. My job is to give us back the power to control our information — its flow, who it is shared with, and whether it can be used to track you.

Proponents of free speech utilize our product “Cocoon” to access social media from behind restrictive firewalls, and let their voices be heard.

For decades I imagined that we would be using secure voting systems and implementing a true digital democracy, empowering individuals around the world to shape their own governments to best reflect their needs. We still aren’t there yet. Instead, I am focused on protecting the privacy rights of those same individuals from Peeping Tom advertisers or government intrusion.

These same principles of tracking and consumer profiling are also having a limiting effect on what information is presented to us. In a recent TED speech, Eli Pariser received a standing ovation from the audience for his discussion about how hyper-personalization was directly shaping the information an individual received. Tracking is not limited to just advertisers. Sites such as Google and Facebook use it to modify and “personalize” the information you receive.

Pariser noted a mini experiment where he asked two friends to search the same word on Google from their respective computers. The information that was returned was relevant to the search term, but was vastly skewed in different directions. What came back could not have been more disparate. A couple of months ago, we had independently done a similar experiment with a handful of people around the country and were equally shocked by the results. Not only did different information come up based on geography, but the results were tailored to age, gender and even category (news, images, etc.).

Advertisers suggest they want to provide more “butlered” service, presenting you with products more suited to your tastes while Google wants to make it easier for you to find the services or information you are looking for.

It is this nexus of online tracking, behavioral profiling and hyper-personalization that truly threatens the future and possibility of the Internet. While it may be more convenient in some ways, the fact that our choices and information are being limited by algorithms and computer profiling means we are presented with fewer options. Pariser argues that hyper-personalization is limiting our viewpoint, our lens, to the world and that a marketplace of ideas and viewpoints is an essential component to democracy. If liberals are not exposed to conservative ideas and conservatives aren’t exposed to liberal ideas, how will they ever find common ground? Just because I lean to the left politically hardly means that I don’t want to hear conservative ideas or news stories.

As a citizen and as a programmer, the most frustrating thing to me is the fact that we don’t even know the profiling is occurring or that our information is being reshaped based on some hidden algorithm. While our company provides a free plug-in (and soon an iOS app) to free people of online tracking, it would be just as simple for Google and Facebook to create a button that turns off the “personalization” algorithm.

The best way to protect and even promote democracy is to protect the freedom of the Internet. While SOPA has created quite a stir publicly, we must also be vigilant about even some of the “conveniences” we are presented with, lest we all break the law of unintended consequences.

This article was first published by the Huffington Post.

by Brian J. Fox, Co-founder & CTO, Cocoon

On International Data Privacy Day it’s appropriate to ask ourselves, are we too connected? I used to own just my laptop and my cell phone, and that was good enough. Now, I’ve got a plethora of devices, and every one of them is connected to the Internet. I’ve got Facebook on my TV and phone, I’ve got Google Voice on my laptop and tablet, I have photo stream and GPS on my camera and my iPod. I even have Internet radio on my desktop and in my car.

As these new devices allow us to become ever more connected to the world, the opportunity for access to personal information is also increased. 

The demand for (and availability of) all these devices has made Internet privacy and security one of the most pressing issues facing us this year. While several bills have been introduced to address the issue – Do Not Track Kids and Do Not Track, for instance – this is baseline legislation that cannot keep up with the technologies that allow for more and more sophisticated tracking. It is the private sector that is coming up with the solutions that allow consumers to control how much information they share and how to keep their devices and networks secure.

I don’t think we need to choose between the convenience of these devices and privacy…consumers just need to know about the tools such as Cocoon now available in the marketplace that can keep their data secure and their personal information private.

Mikko Hypponen, Chief Research Officer of F-Secure is a leading global cybercrime expert. In this video Mikko briefly discusses three types of online attack:

1. Cybercriminals
2. Hacktivists
3. Governments

The Electronic Frontier Foundation (EFF) is also gathering information on what printers may be revealing and exploring privacy implications of this technology.

“In a purported effort to identify counterfeiters the US government has succeeded in persuading some color laser printer manufacturers to encode each page with identifying information. That means that without your knowledge or consent an act you assume is private could become public. A communication tool you’re using in everyday life could become a tool for government surveillance. And what’s worse there are no laws to prevent abuse.”  -EFF

 

Our free web-service is doing some very cool stuff…

You can now be totally safe on open WiFi networks, you will no longer be tracked by every website you go to, AND you don’t have to worry about getting viruses online no matter where you browse.

And you get unlimited email addresses for anything you have to sign up for. That means that you can put an end to spam just by throwing away your inbox.

It’s gotten some great reviews: 

Lifehacker: “Cocoon wraps up all those privacy features into one simple add-on”

CNET: “Cocoon looks like a serious contender for one of the best add-ons of the year”

–The Cocoon Team

Airports, restaurants, coffee shops, businesses, dentists, libraries and even public parks offer public access to Wi-Fi for free. Surfing unsecured hotspots can open your data pipeline to some very unsavory characters.  Whether you use it for convenience or because there is no other Internet connection available — the bad guys still have all kinds of tools to gather and steal information from you.

In a recent Cyber-scary contest that we featured in mid November one of our entrants realized that the hotel that they stayed at in Las Vegas did not even have a public Wi-Fi connection available! But her husband was able to easily connect to a rogue Wi-Fi hotspot to enter his credit card information:

“Haven’t been on vacation in 20 years…… We get to our hotel in Vegas. First thing my husband does is, to try to go online, to check his work email. He gets a wireless signal called Luxorhotel_guest. Clicks on it, and enters in our credit card information. We then find out that the LUXOR only offers wired internet service! GREAT!”

At Virtual World Computing, we offer free cloud-based “Cocoon” security software that automatically encrypts unsecured Wi-Fi communications. While logged into Cocoon, all your online activities beccome routed through our “secure tunnel” to a safe server that blocks the bad guys from getting to your data. You won’t have to spend your time worrying about online banking or stolen credit card information, because we keep the bad guys away.

Cocoon Features:

• Creates a virtual firewall that keeps the bad guys away from your computer.
• Provides antivirus protection; Cocoon will alert you and stop harmful or malicious files from downloading to your computer.
• Protects your personal information and activity by preventing cookie tracking.
• Prevents malware and drive-by downloads.
• Gives you the option to remotely store history and bookmarks in the cloud.
• Encrypts all your data.
• Shields your personal identity and protects your privacy.
• Provides ad hoc email addresses via mailslots that stops spam in its tracks

Internet threats are huge today. Every time you turn your head it appears that somebody is getting hacked or compromised in some way.

At Virtual World Computing (VWC) we believe that everyone has the right to online privacy and web security. We also believe in sharing vital information with the online community in hopes that our contributions will enhance and assist people in making better Internet security and privacy choices.

It is in this spirit that we’ve selected ten of our best blog posts from 2011 to re-share with the Internet community – Enjoy!

The Top 10 Cocoon Blog Posts From 2011

1. [Video] Why Should Your Privacy Be Important To YOU 

In today’s online world, privacy is not a right that exists; it is an option that you must exercise on your own. Many people believe that they have to give up their privacy to be online and Cocoon wants to change this fallacy.

2. Cocoon’s 2011 List of the Top 10 Internet Privacy Threats

Privacy has become a red-hot issue in 2011. As more privacy organizations, advocates and researchers discover and disclose to the general public what social networks, governments, corporations, data miners/aggregators, advertisers and law enforcement collect;  public awareness of the impact of our digital footprints and  invasive online tracking tactics become exposed.

3.  Protecting Children Online

Whether it is identity theft, online tracking, or profiling, the Internet can be an open door to a child’s personal information. A Wall Street Journal investigation into online privacy last year found that popular children’s websites install more tracking technologies on personal computers than do the top websites aimed at adults.

4.  New Free Software Makes Wi-Fi Safe for Travelers

Free hotspots have become famously easy pickings for hackers setting up fake free Wi-Fi hotspots that look like the real thing (aka an “Evil Twin”). When an unsuspecting user logs on, what they are connecting to isn’t a real hotspot – it’s the hacker’s laptop. Once that happens, the hacker can use free software from the Internet (such as Firesheep, WiFi Pineapple and WiFi Robin) to hijack much of the information sent to and from the victim’s laptop).

5. Facebook and their 90 day tracking cookies…

According to Byron Acohido from USA Today, Facebook has been able to create a running log of visits that each of its 800 million members has visited in the previous 90 days. Once you are logged into Facebook, the site inserts a both a browser cookie and a session cookie into your web browser.

6. Consumer Privacy Should Trump Google’s Profits

Once again, the norm for big business is to place the onus on individuals to opt-out of being tracked and allowing our information to be inventoried. This is routinely done as ad networks sell personal user profiles to advertisers, but this is a new twist. Google is now using your Wi-Fi signal to help them sell location-based advertising.

7. Nine simple steps that you can take to better secure a public Wi-Fi connection

A hacker could easily create a fake Wi-Fi hot spot that looks legitimate. If you connect to the hackers Wi-Fi you will be directly linked to the hacker’s computer.

8. How to protect yourself on social networks

Malicious people are drawn to social networks due to easy access and the amount of personal data available to them. The more information that you place on these sites along with weak privacy settings has the potential to allow targeted social engineering attacks.

9. Does your Internet have malware?

It is obvious that relying on one solution alone to detect all Internet threats is not enough. The digital landscape has changed and the concept of adopting a layered security approach is a good idea. Cocoon, a Firefox plug-in is an awesome addition to add to your Internet toolkit.

10.  Recap on Cocoon Features

Cocoon was created out of the belief that everyone should have access to the Web, have a right to online privacy, and that the act of browsing the Web should not expose your computer to malicious code.

Our business is to protect your privacy and security – if we don’t do that we don’t have a business – so we take Internet security and privacy seriously.

Whether it is identity theft, online tracking, or profiling, the Internet can be an open door to a child’s personal information. A Wall Street Journal investigation into online privacy last year found that popular children’s websites install more tracking technologies on personal computers than do the top websites aimed at adults.

According to recent research by Consumer Reports,one million children were harassed, threatened, or subjected to other forms of cyberbullying on Facebook in the past year — and that’s just one social media site. Furthermore, the Federal Trade Commission (FTC) says 8 percent of the ID theft complaints in 2010 involved children.

Society has an obligation to protect our children and online safety for children should be a priority. We need a three-pronged approach to address this issue: policy changes; industry self-regulation; and more parental tools, monitoring and education.

Current legislation being considered includes proposed amendments to the Children’s Online Privacy Protection Act (COPPA) by the FTC.  COPPA has not been seriously updated since 1998 — only four years after the first browser was introduced to the marketplace. (That was back when you still needed an antenna on your car for your “car phone” to work.) In May, the Do Not Track Kidsbill (H.R. 1895) was introduced by Rep. Edward J. Markey (D-Mass.) and Rep. Joe Barton (R-Texas); it proposes barring websites outright from using kids’ data to target ads to them until they are 17.  Debates continue about the appropriate age cut-off and exactly how this legislation would be enforced.

A recent New York Times editorial, “A Push for Online Privacy,” stated that “Despite bipartisan concern about potential abuses, Congress has not acted to protect consumer privacy, and there is little chance legislation will pass anytime soon.”

Okay, well if we cannot count on policies to protect our children online anytime soon, how about self-regulation?

The desire to know who, what and where people are at any given point is driven by advertising revenue. The more companies know about a consumer, the more they can target advertising to their buying habits. Until their revenue model changes, what incentive do these companies have to self-regulate? Unless, of course, there is legislation in place, and you see the circular argument.

So it is up to the parents, and as a parent, I can say we are falling short.  The same Consumer Reports research found that 7.5 million American children under the age of 13 were using Facebook, more than 5 million were 10 and under, and their accounts were largely unsupervised by their parents (although Facebook’s policy is not to allow children under 13 to use its site).

So we can wait for politicians to step up to build a regulatory framework to protect our children’s online privacy and hope that the online industry will check its own greed, or we can take control of protecting our kids today by monitoring our their online use, educating them about online safety, and using the tools available to protect them from being tracked.

Follow Vernon Irvin, President & COO of Virtual World Computing on Twitter: www.twitter.com/GetCocoon

According to Byron Acohido from USA Today, Facebook has been able to create a running log of visits that each of its 800 million members has visited in the previous 90 days. Once you are logged into Facebook, the site inserts a both a browser cookie and a session cookie into your web browser.

“Online tracking involves technologies that tech companies and ad networks have used for more than a decade to help advertisers deliver more relevant ads to each viewer. Until now, Facebook, which makes most of its profits from advertising, has been ambiguous in public statements about the extent to which it collects tracking data.”

In a nutshell: If you are logged into your Facebook account and also surfing the web, it is your session cookie that will log any third-party web pages that you visit. This session cookie works in conjunction with any Facebook plug-in (such as the “Like” button) that is installed at the third-party site and reports back to the FACEBOOKSHIP:  the web address of the page you visited along with pc and browser data including your IP address.

To get out the full scoop on how Facebook tracks you across the web, be sure to visit USA Today and view their flash presentation on how this process works once you are logged in, logged out and how Facebook currently uses this tracking technology.

Stanford grad student, Johnathan R. Mayer shared a report last month that revealed how web sites share your information with ad networks proving that online tracking is not anonymous.

Sadly most people have no idea how little privacy they have online.

“…not only do many popular web sites wring as much personally identifiable information as possible out of its own users, they funnel that data to other web sites, spreading news of one user’s browsing habits to as many as 22 companies with every visit to a particular site.” –Kevin Fogarty | IT World

In today’s online world, privacy is not a right that exists, it is an option that you must exercise on your own. Just the fact you are reading this means you are more aware of privacy issues than the vast majority of people. Please share your knowledge with others and we hope this video helps.

The Cocoon Team!

Privacy has become a red-hot issue in 2011. As more privacy organizations, advocates and researchers discover and disclose to the general public what social networks, governments, corporations, data miners/aggregators, advertisers and law enforcement collect;  public awareness of the impact of our digital footprints and  invasive online tracking tactics become exposed.

Social networking giant, Facebook has been highly controversial in the realm of data-collection practices and is a master of stealth digital surveillance:

“Facebook has perfected a stealth digital surveillance apparatus that tracks, analyzes and then acts on your information, including what you tell your friends,” said Jeffrey Chester, executive director of the Center for Digital Democracy. “Facebook users should be cautious about whether the social networking giant ultimately has their best interests at heart.”   –Los Angeles Times

With the rise of online hactivism, hacker groups such as Lulzsec’s 50-day rampage against corporations, law enforcement and security companies affected individual lives when they targeted the CIA and dumped a list of 62,000+ email addresses and passwords.

Many of you may remember Firesheep (October 2010), the Firefox plug-in that let hackers eavesdrop and steal unencrypted cookies from anyone who used unsafe Wi-Fi connections (such as airport and coffee houses). Firesheep would let non-technical people become “hackers” giving them access to the log-in credentials of the victim with a simple double click in the Firesheep sidebar. It would then hijack the web session by copying session cookies and use these cookies to impersonate the victim. Last month Sophos reported that security researchers created their own version of the notorious Firesheep plug-in that had the ability to expose data leakage in Google search history.

The ten biggest threats to privacy in 2011 paint a picture of a landscape that is littered with the potential for warrantless tracking, pervasive monitoring, mobile stalking, behavioral advertising and data harvesting. The repercussions of sharing too much personal information on Social networks has led to a deluge of private data flooding the public domain; where sites such as Facebook consistently alter privacy settings to share more. The latest Facebook platform change to create a deeper sense of connection is secondary – Bottom line:  advertising is primary and Facebook gets its income from ads.

“Data is the new oil…everybody benefits from your data except you, the end user. It’s as if everyone’s genes were harvested by a small number of companies without any payment to those whose genes they are.” –Michael Fertik, chief executive of Reputation.com

Top 10 Internet Privacy Threats: 

10-GEO Tags: When photos or videos are taken with a GPS-equipped device (digital camera, laptop, smartphone) they are embedded with a geotag that reveals the exact location in longitude and latitude of where it was taken. The exposure of geo-locational data on social networking sites could enable the risk of social surveillance and stalking.

9- Google Wi-Fi Sniffing: According to news sources, Skyhook Wireless has been wardriving a fleet of trucks through towns and cities in the U.S., Canada, (covering 70 percent of population centers) and metropolitan centers in Europe and Asia and  mapping every wireless router, both public and private. Skyhook identified each router by its MAC address and correlated it with the exact location of each router, using GPS. The router information currently exists in a database of 250 million Wi-Fi access points. That’s pretty scary because most people have no idea that this has happened.

8-Facial Recognition Technology: Initial use of this technology was used by law enforcement, security and surveillance but is now in the public realm with apps like SocialCamera and SceneTap.

Facebook deployed Facial-recognition software this summer, allowing people to opt out of tagging but did not stop Facebook from gathering data or having the ability to recognize your face. Eventually this technology is meant to search for people by simply using a picture.

With facial recognition software that can discern users’ true identities–not just the personae they choose to create online–Facebook becomes a much more powerful identification tool. –Rebecca Greenfield, Atlantic Wire

7-Internet Censorship:  Some countries that have extremely strong censorship policies are: China, Iran and Myanmar. China has has an advanced filtering system (the Great Firewall of China) and can restrict access in real time. Over 10 million web pages are blocked in Iran and web sites that offer tools and techniques for circumventing filters are also heavily filtered. The Myanmar government allegedly monitors Internet cafes with computers that take screenshots every few minutes.

6-Smartphones: The government’s ability to track individuals using Smartphone’s and mobile malware top the list. Researchers at Trusteer recently discovered a new attack by the SpyEye Trojan that targets online banking security systems.

The malware compromises the login information to the victim’s bank account and injects a phony page into the smartphone browser. The malware then instructs the victim to type the original confirmation code into the fake web page form. The hacker is able to capture the code (man in the browser injection) and login to the victim’s bank account. Once the hacker is in, they change the telephone number associated with the account and divert the funds.

5-Data-Stealing: Rogue applications on social networking sites, computers that harbor botnets (Coreflood) and smartphone malware (DroidDream) are just a few of the nasties that are out there.

4-Behavioral advertising: HTTP cookies, flash cookies, sites that respawn HTTP cookies with Flash (KISSmetrics), and HTML5 Local storage (more flexible than standard HTTP cookies) are just a few of the methods that are used for tracking online users.

During the course of a typical day – if you use your computer, your smartphone, your TV and shop at your local stores using a loyalty card – targeted advertising will trail behind you. When you sit down to watch TV, your TV is watching you. Visiting Facebook, searching on Google or Bing also adds to the fleshing out of your behavioral profile that consists of your searches, online habits, preferences and buying patterns.

3-Hackers: – Organized cybercriminals, hacktivists, Anonymous and Lulzsec are a few of the online entities that participate in DDoS attacks, data breaches, phishing, online banking fraud, online shopping fraud and a host of other unsavory activities. Weak security systems are generally the culprit.

2-Social networks: Social networks allow users to build connections and store information remotely. It is also the weakest data link. When people become dependent on social networking default privacy settings (Facebook’s frictionless sharing) and post too much personal information online, it becomes ripe for picking. Identity thieves, scammers, hackers, debt collectors, corporations, marketers, data miners and governments use social networks to gather information. Your data is the harvest.

1-You!  – The weakest link in the privacy chain could be YOU! Everything that you do online leaves a digital footprint from search engine tastes to browsing patterns and social interactions. Things that you share online could go further than your social circle. Always think before you post!