Tag-Archive for » Making a Website «

Web privacy standards: easy to break, hard to enforce

Over the past week, Google has been called out for bypassing default privacy settings in both Safari and Internet Explorer in order to serve up advertising cookies. The two cases were quite different. With Safari, Google acknowledged the problem and said it was an accident. With Internet Explorer, Google said it was using the best available workaround for an outdated browser privacy technology that limits the capabilities of modern websites—and noted that thousands of other websites do much the same thing to get past IE’s privacy policy.

Despite the differences, each case demonstrates one thing that may be troubling to Web users: privacy settings in browsers can be easily circumvented. There are few technological barriers preventing companies like Google and Facebook from tracking users to serve up personalized ads, and there are few legal barriers as well.

To dig into these issues, Ars spoke with Lorrie Faith Cranor, a computer science professor at Carnegie Mellon University and director of the institution’s Usable Privacy and Security Laboratory. Protecting user privacy on the Web is an ongoing struggle, and one that is not going well, she said.

“Every time we come up with a technical solution that protects privacy, the websites come up with something they want to do that is broken by this privacy protection, and so they find a workaround for it and they basically break the privacy protection,” she said.

Cranor played a central role in developing the privacy standard used by Internet Explorer, which is called the Platform for Privacy Preferences Project, or P3P. P3P was built in 2002 by the World Wide Web Consortium (W3C), with Cranor serving as chairperson of the P3P working group. She also authored a book on P3P that same year.

The usefulness of P3P was put under the microscope this past week. Microsoft, the only major browser vendor to use P3P, notes that it blocks third-party cookies unless presented with a Compact Policy Statement (CP) promising not to use the cookie to track the user. Microsoft accused Google of circumventing this requirement with a fake policy that says “This is not a P3P policy” and a link to a Google page describing the company’s opposition to P3P.

Google fired back that it is “impractical to comply with Microsoft’s request while providing modern web functionality,” such as signing into websites using one’s Google account, or using Facebook’s “Like” button. To prove its point, Google pointed to Cranor’s own research showing that about a third of 33,000 studied sites were circumventing P3P in Internet Explorer.

Is P3P outdated?

Cranor acknowledges that standards work on P3P has been nonexistent in recent years, and that it is only implemented by Internet Explorer. That said, IE is still the world’s most widely used browser, and “there is nothing about P3P that goes bad. It doesn’t have a sell by date. The standard we put out in 2002 is still a perfectly good standard.”

Cranor is also skeptical of the claim that Google can’t devise functionality that doesn’t also comply with P3P, saying “It’s not obvious to me there’s any fundamental reason why a proper P3P compact policy wouldn’t work in that scenario.”

Google noted that Cranor’s research called out Microsoft’s own msn.com and live.com for providing invalid P3P policy statements, and that the research (from 2010) also showed that “Microsoft’s support website recommends the use of invalid CPs as a work-around for a problem in IE.”

The report, Cranor explains, discovered several methods for circumventing P3P policy. One method is submitting a CP statement “that is clearly not a P3P policy, and that’s what Google and Facebook and at one point Amazon did,” she said. Other offenders had “P3P policies that were almost right but not quite,” and it was unclear whether the violations were purposeful or accidental. That’s the category Microsoft fell into.

But the more puzzling accusation, that a Microsoft support website provided advice recommending the use of invalid P3P statements, is true, Cranor said.

Microsoft had received a question from a website developer about cookies breaking website content, and the answer Microsoft provided “was put the P3P compact policy on your website, and [Microsoft] gave an example of a P3P compact policy with no mention that you should write one that matches your website and not just blindly copy this one,” Cranor said. The sample policy was invalid, yet “we found that thousands of websites just copied that string and it fixed the problem on their website.”

Microsoft deleted that advice shortly after the report from Cranor and her Carnegie Mellon colleagues came out in 2010, although it apparently still existed on a Spanish language version of the site as of a few days ago, she said.

Privacy tools lack teeth

While the Google said/Microsoft said battles can be occasionally entertaining, the real problem is the lack of privacy standards that are both difficult to circumvent and enforceable through legal processes. Whether there would be a legal obligation to comply with P3P is a question that “came up a lot” during the standards process a decade ago, Cranor said.

“We asked regulators from the US, Europe, Canada, Australia, lots of places this question and their response was always the same: ‘To the extent that I have the authority to enforce privacy policies written in human-readable languages, English, French, German, whatever, we can use that authority to enforce computer-readable policies like P3P.’ So based on that statement, we concluded that the Federal Trade Commission [in the US] can go after companies who say deceptive things in their privacy policies … and they had even more authority in some of the other countries.”

Cranor has argued that Microsoft hasn’t done a good job implementing P3P. But Google’s use of the text “This is not a P3P policy,” while understandable to a human, is clearly deceptive because it’s “tricking the Internet Explorer Web browser that can’t read those words … and treats it as a P3P policy and unblocks the cookie,” Cranor said.

Still, Google is not the only company doing this by a long shot, and in the ten years since P3P was implemented, Cranor said, “I don’t know of any regulator that has gone after a company for P3P violations.”

“It’s both a technical problem and a legal problem,” Cranor further said. “The technical ways these things are being enforced are rather brittle. If we had good legal enforcement that would make up for the fact that the technology is brittle, because then if somebody goes ahead and breaks the technology you would have the law come swooping in to go after them. But as it is they’re both brittle.”

Amazon actually faced a lawsuit over its use of invalid P3P policies to trick Internet Explorer into accepting cookies. Amazon now uses a valid policy, but the lawsuit was dismissed in December.

Google is facing complaints to the FTC and a class-action lawsuit over its cookie circumvention in Safari. An advocacy group that complained to the FTC said Google’s bypassing of Safari’s privacy protections—which Google has now stopped—violated a previous privacy agreement with the FTC.

The FTC is the more promising venue for privacy rights advocates, Cranor says. Lawsuits filed by individuals have to show some tangible monetary harm, but the FTC isn’t held to that burden.

“In the US, the lawsuits are a much more difficult way to go than having the FTC or state attorneys general handle it,” Cranor said. “We don’t have much in the way of privacy laws in the US.”

Can Do Not Track save the day?

The Electronic Frontier Foundation (EFF) argued that Google’s Safari trick proves the need for so-called “Do Not Track” technology. The likes of Firefox and Internet Explorer have implemented such functionality, and Google Chrome has a similar option called “Keep My Opt-Outs.”

The idea is fairly simple: give users a button to press, having the browser send a header to all websites informing them that the user who pressed the button is not to be tracked. Do Not Track could potentially replace P3P as a standard.

But Cranor, despite serving on the EFF board, is skeptical. There are problematic questions, including what it means to track and what it means to not track. Google could argue that setting advertising-related cookies is OK because the cookies don’t collect any personal information, and Facebook could say technology used to customize content for signed-in users shouldn’t be subject to new restrictions, either.

Today’s implementations rely on websites essentially following the honor system, and making Do Not Track a standard wouldn’t necessarily change that, Cranor said.

“Like P3P, this would just be a standard and it would be in the same boat P3P was in,” she said. “If the industry agrees on a standard and … we find out some companies are ignoring this and tracking you anyway, could the FTC do anything about it? I don’t know. I think they’d be in an even worse position than they are with P3P, because the companies will claim ‘we never even signed on to this. We didn’t send any ‘do not track’ header, we just ignored the one you sent us.’”

Finding the right balance between privacy and functionality will be difficult, she said. Cranor noted that Microsoft’s Tracking Protection Lists for IE9 are quite good at stopping websites from placing tracking cookies, preventing the kind of circumvention Google and Facebook practice. But the implementation can break functionality users want, she noted.

Chrome and Firefox also have options for blocking cookies. Some third-party companies are building browser add-ons, such as Abine and Evidon, the usability of which Cranor and colleagues examined in a recent report. Generally the tools tend to just block everything, although some vendors are working toward a more nuanced solution, she said. Cranor and her colleagues found “serious usability flaws” in all nine tools they evaluated.

“Having been involved in privacy technology now for about 15 years, I’m not optimistic that technology alone here is going to solve the problem,” she said.

Making Google-y eyes: Will Google launch Android-based ‘smartglasses’ by the …

Google are set to launch a pair of glasses that will stream content to the wearer’s eyes in real time, according to reports.

A blog post on the New York Times website claims that the product, reportedly expected to cost around the price of a smartphone, could be in the shops by the end of 2012.

Referencing anonymous Google sources, it is thought that the specs will be Android-based and include a small screen located just a few inches away from the eye.

It is also claimed that they will come with a 3G or 4G data connection and include motion and GPS sensors.

Tech blogger Seth Weintraub has claimed that sources have described the appearance of the smartglasses as similar to that of a pair of Oakley Thumps.

Writing earlier this month, Weintraub added: “The navigation system currently used is a head tilting to scroll and click.

“We are told it is very quick to learn and once the user is adept at navigation, it becomes second nature and almost indistinguishable to outside users.”

Furthermore, it is suggested that the eyewear will have a low-res camera built in making it possible to observe the world in real time and overlay information about locations, surrounding buildings and friends who might be nearby.

Unquestionably, privacy implications concerning the recording of a wearer’s day-to-day point of view will be drawn into focus should the project reach fruition.

Less controversially, a whole range of Google applications are expected to be integrated into the product, with the likes of Google Latitude sharing locations, Google Goggles searching images and working out what is being observed, and Google Maps displaying nearby related interests.

A Google employee is quoted as saying: “You will be able to check in to locations with your friends through the glasses.”

Previous conjecture has similarly supposed that Apple is also exploring wearable computing, but it is expected that the focus will be technology that straps around the wrist.

It is thought that the project is currently being researched at the secretive Google X lab, based near Google’s main campus, which is reportedly charged with developing robotics, space elevators and many other futuristic projects.

Google have apparently declined to comment on the speculated project.

New website to help mental health patients

Mental health sufferers will have access to a new website informing them of their insurance rights.

The initiative aims to help Australians facing difficulty in accessing insurance policies and making claims because of mental illness.

The website, created by the Mental Health Council of Australia (MHCA) and the national depression initiative Beyondblue, was launched on Wednesday.

The site has been developed in collaboration with insurance industry representatives to help consumers seeking insurance products know their rights.

The website contains information on mental illness and insurance, including the relationship between mental illness and insurance products, consumer legal rights and the disability legislative structure.

A Tell Your Story portal also allows visitors to share their experiences.

The website comes after an MHCA survey found mental health sufferers reported a lack of awareness of their rights and responsibilities with insurance applications and claims.

“This one-stop online portal will improve knowledge and awareness of insurance practices for mental health consumers and their carers,” the MHCA said in a statement on Wednesday.

Mental health sufferers and their carers can log on to the website at www.mentalhealthandinsurance.org.au.

Puffweb to Launch New Electronic Cigarette Website

Puffweb.com re-launches a brand new version of their electronic cigarette review website, making it much more user friendly, and easier to submit reviews.

Tampa, FL (PRWEB) February 21, 2012

Puffweb started back in 2009 as a one page website, and gradually grew to be the most recognized website on the internet regarding electronic cigarettes.

On March 1st 2012, Puffweb will re-launch with a much cleaner, easier to read website design and added functionality.

Readers will be able to read reviews on different Electronic Cigarettes and also submit their own reviews along with a star rating system.

At the top of the website, a real time graph will display the top E-cig brands based on current customer ratings. The results are updated instantly every time a new user adds a review.

Currently, the top reviews on Puffweb are the V2 Cigs Review and the Green Smoke review. These two brands are considered the industry leaders.

“Not all reviews are positive”, says Dan Henry, owner of Puffweb.com. Dan says, “There are a few brands that have some pretty bad reviews from irate customers that felt they were wronged or felt the quality was poor. I was asked by these companies to remove the reviews, but I declined as it IS a review website after all. I do not control what people post, and unless I can see that they are blatantly fake or obscene, I let our readers make their own judgments”.

The new Puffweb will include a much easier way for users to submit electronic cigarette reviews, and also an easier-to-read breakdown of all current user reviews.

In addition, Dan Henry has filmed several new video reviews of what he considers the top Electronic Cigarette brands. While these reviews are helpful, Dan encourages people to read the actual user review and make their buying decision based on current information and ratings on electronic cigarettes.

The new Puffweb website becomes live on March 1st 2012.

For the original version on PRWeb visit: www.prweb.com/releases/prweb2012/2/prweb9210796.htm

RoyaltyFreeKings.com Launched by Hollywood Composers to Make Licensing Royalty …

Husband and Wife composing team Mark Petrie and Gina Brigida launch RoyaltyFreeKings.com – a new royalty free music website aimed at providing independent video producers with premium quality music at a price they can afford.

Los Angeles, CA (PRWEB) February 21, 2012

A revolutionary way of licensing music was born from a very simple idea: that producers on a low budget still deserve access to premium quality music. Up until now, searching on royalty free websites for background music had been a time consuming process, involving trawling through hundreds, if not thousands of tired, dated sounding tracks to find music of the quality and impact a producer needs.

RoyaltyFreeKings.com aims to replace this time wasting search with a streamlined, hand picked catalog of only premium quality music. Producers are literally able to find the music they need, download and begin using it within a few minutes.

One of the founders is New Zealand born composer, Mark Petrie, who at 32 is already a veteran in the music business with over twelve years of professional work in the film, TV and advertising business. In recent years he has composed music for blockbuster trailers such as: The Chronicles of Narnia, The Grey, Total Recall, The Green Lantern and The Amazing Spider-man.

Three years in the making, the royalty free website launched this week with over 50 albums and 800 single tracks available for immediate download, each carefully hand picked for quality and maximum emotional impact. Over twenty composers from around the world participated in the initial music release, and plans are already underway to double the catalog by the end of the year.

The library also includes interesting new categories that are currently hard or impossible to find on other royalty free websites – unique yet compelling hybrids of genres such as: ethnic action music, yoga lounge and Christmas jazz. Mark alludes to an ambitious expansion later on this year that will include more of those niche categories:

“Right now my composers and I are putting the finishing touches on some albums that I’m really excited about, like epic patriotic, patriotic rock, jazz patriotic and urban patriotic, which will all coincide with the busy US political season this year. What’s made the creation of these hybrid albums so much fun is the knowledge that we’re releasing music of the likes never heard before, let alone in the royalty free world.”

Competitive license fees and generous terms (pay once, use forever) have already begun attracting new customers. A monthly ‘free background music’ section also promises to be a welcome incentive for regular customers and new buyers alike.

For more information, contact Mark, Gina and their team at info(at)royaltyfreekings(dot)com

For the original version on PRWeb visit: www.prweb.com/releases/prweb2012/2/prweb9189138.htm

B2B apps and mobile web attracting more investment from UK and US businesses

Consumer-focused mobile apps may get more headlines, but business-to-business apps are rising fast up the priorities of companies in the US and UK, according to a survey of 1,000 executives commissioned by Antenna Software.

It found that 43% of companies surveyed are currently working on a mobile app for their customers, but 42% are working on one for their employees.

“Investment in mobile is growing at a meteoric rate, and that’s partly due to companies thinking beyond the app and beyond the idea that mobile is only critical when it comes to consumer engagement,” says Antenna’s chief executive Jim Hemmer.

The research backs up what a number of developers have been telling me privately for a while now: that the market for B2B apps is growing rapidly, and providing a more stable revenue stream for many developers than chancing their luck in the open app stores.

The survey also found that companies aren’t just investing in native apps. In fact, 45% of UK and US firms surveyed are currently working on a customer-facing mobile website – more than are working on native apps for those customers.

Antenna broke down some of its stats on UK businesses for The Guardian. 38% of British firms surveyed are working on mobile websites for their customers, while 35% are making consumer-facing mobile apps. 34% are making apps for employees, and 26% a mobile website for employees.

The US is ahead in terms of investment, with 50% and 48% respectively making a mobile site and app for customers, while 47% and 43% are making a mobile app and site for employees.

The survey found that a third of companies are planning to launch four or more mobile projects in the next 12-18 months, but identified frustration among chief information officers and business unit leaders with the slow pace and high costs of mobile development.

Antenna commissioned the research from Vanson Bourne to promote its new AMPchroma mobile business product, which aims to tackle some of those challenges. It’s far from the only company targeting enterprises in this way though.

The research claims that the average current investment of £269k from UK and US businesses in mobile projects will rise to £590k over the next 18 months.

For all the buzz around consumer-focused social, location and entertainment apps, startups reducing the mobile headaches faced by other kinds of businesses may be where the real action is in 2012 and 2013.