Google, Mozilla Privacy Efforts Lead Security News

User privacy was in the news this past week when Mozilla and Google proposed their own answers for concerns about online behavioral tracking by advertisers.

Mozilla entered the fray Jan. 23 when it proposed adding a "Do Not Track" HTTP header to the Firefox browser to send a signal to Websites that users do not want to be tracked by online advertisers.

"When the feature is enabled and users turn it on, web sites will be told by Firefox that a user would like to opt-out of OBA (online behavioral advertising)," blogged Alex Fowler, Mozilla's technology and privacy officer. "We believe the header-based approach has the potential to be better for the web in the long run because it is a clearer and more universal opt-out mechanism than cookies or blacklists."

A day later, Google announced an extension for the Google Chrome browser that will allow users to permanently opt out of being tracked online by advertisers' cookies, provided the companies offer opt-outs through industry self-regulation programs.

"Advertising companies that are members of the Network Advertising Initiative (NAI) already let you opt out of tracking for the purposes of personalizing advertisements, and many online advertisers and trade associations have also joined a major self-regulatory effort to enforce a uniform privacy icon for ads, as well as opt-out guidelines," Google product managers Sean Harvey and Rajas Moonka wrote in a joint blog post.

Though both approaches have their shortcomings, some privacy advocates trumpeted the companies' efforts.

The CEO of the ISP used by WikiLeaks also talked privacy during the week, when he announced the company will pass all customers through an anonymizing service by default to circumvent data retention laws.

"We plan to let our traffic go through a VPN service," said Jon Jarlung, CEO of Swedish ISP Bahnhof, in an interview with Sveriges Radio (transcript translated through Google Translate) on Jan. 26.

The announcement was just another twist in the WikiLeaks saga that occurred during the week. On Jan. 27, law enforcement in the U.K. arrested five people in connection with the spate of denial-of-service attacks linked to "Anonymous." The FBI, meanwhile, executed 40 search warrants related to the investigation in the United States.

Also in the news, Facebook took the extra step to secure users by offering always-on HTTPS, an option the social networking company said Jan. 26 it will be rolling out gradually during upcoming weeks. Once users turn on the HTTPS feature, it will remain on indefinitely to protect their future sessions unless they turn it off, a company spokesperson told eWEEK.

Facebook also talked up what it called Social Authentication, a new authentication scheme where users would be asked to identify their Facebook "friends" in photographs if there is suspicion their account has been compromised.

"Instead of showing you a traditional captcha on Facebook, one of the ways we may help verify your identity is through social authentication," blogged Alex Rice, a security engineer with Facebook. "We will show you a few pictures of your friends and ask you to name the person in those photos. Hackers halfway across the world might know your password, but they don't know who your friends are."

Perhaps ironically, news of the changes followed reports that a fan page for Facebook CEO Mark Zuckerberg had been compromised to post the following message: "Let the hacking begin: If Facebook needs money, instead of going to the banks, why doesn't Facebook let its users invest in Facebook in a social way? Why not transform Facebook into a 'social business' the way Nobel Prize winner Muhammad Yunus described it? http://bit.ly/fs6rT3 What do you think? #hackercup2011."

The message came a few days after Facebook announced it had raised $1.5 billion in funding from Goldman Sachs and Digital Sky Technologies, bringing the company's total value to $50 billion.