How it works. Email tracking is possible because modern graphical email clients allow rendering a subset of HTML. JavaScript is invariably stripped, but embedded images and stylesheets are allowed. These are downloaded and rendered by the email client when the user views the email.[2] Crucially, many email clients, and almost all web browsers, in the case of webmail, send third-party cookies with these requests. The email address is leaked by being encoded as a parameter into these third-party URLs.
You may know that most websites have third-party analytics scripts that record which pages you visit and the searches you make. But lately, more and more sites use “session replay” scripts. These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers. Unlike typical analytics services that provide aggregate statistics, these scripts are intended for the recording and playback of individual browsing sessions, as if someone is looking over your shoulder.
Prominent companies who use the scripts include men’s retailer Bonobos.com, Walgreens.com, and the financial investment firm Fidelity.com. It’s also worth noting that 482 might be a low estimate. It’s likely that the scripts don’t record every user that visits a site, the researchers told me. So when they were testing, they likely did not detect some scripts because they were not activated. You can see all the popular websites that utilize session replay scripts documented by the researchers here.
"Russia is a full-scope cyber actor that poses a major threat to US government, military, diplomatic, commercial and critical infrastructure," the testimony said. It was written by James Clapper, the Director of National Intelligence, Marcel Lettre, Undersecretary of Defense for intelligence, and Admiral Michael Rogers, director of the National Security Agency.
Q: Is it true that flashlight apps for your smartphone may contain malware?
A: It’s not just flashlight apps. Over 90% of freeware (free computer software for photos, converting Youtube videos, etc.) and free app downloads contain malware that is secretly added to your device. Besides stealing your data, they can corrupt files or worse. Quite often they use your connection and device to attack other people making it look like you are the bad guy. Attacks on the Whitehouse, FBI, CIA and military bases (such as Andrews Air Force Base) have happened this way. As far as smartphone apps go, there are not that many legit apps. Apple is of particular concern because their developer's "tool kit" has been compromised. The result was many legit app developers used the official Apple tool kit, but ended up incorporating malware. This is what happened with most of the flashlight apps. (1)
By the way, the apps developed for Facebook are often used to compromise your Facebook account and steal your identity, as well as, attack all your friends. If Facebook doesn’t make the app, don’t use it. Examples of bogus apps include “What song was a hit on your birthday?”, “How loyal are you?”, “Who is stalking you?”, “Which season of the year are you?”, “3 reasons to love yourself!”, “Let’s make a drawing of you” and “Yourself as an oil painting”.
Q: How do I know if Facebook makes the app?
A: If Facebook makes the app, it is usually automatically integrated into the interface. Examples include when Facebook added more choices to the "like" button and the app they put in your feed about "1 year ago today". Those are Facebook apps. The ones that tell you about your loyalty, stalkers, hit record on your birthday, compare you to your friends, etc. are clickbait and should be avoided. Almost all of these apps abuse your friends. Some of them allow your account to do criminal activity, such as, post sunglasses or shoes for sale tagging your friends without your knowledge. Some of them do even worse stuff, such as, compromise your account and use your account to surreptitiously to do a host of bad activities.
Q: Are Android apps safer than Apple apps?
A: Most apps are not developed by Google, Microsoft or Apple. If someone is giving an app away, it is probably for ill purposes. Nevertheless, the advantage of Android — it is built on Linux (open source code.) This means anyone can see the source and/or fix the computer code. That is not the case with Apple or Microsoft. We suggest Android on your phones and Linux on your computers.
Q: My tech-savvy son says it is safe to download apps from Google. Is the Google app store safe?
A: it’s not Google… it is the open source community. Google doesn't own Android. Android is based on Linux (free open source software) the Linux community is serious about security. We’ve been involved with Linux development since the 1990's. Apple and Microsoft are based on proprietary software which is the opposite of the open source philosophy. In any event, none of us like Google for other reasons; however, their exploitation of Linux is better for mankind than Apple and Microsoft. Google Android apps are a better bet than other OS’s (operating systems) because they use Linux. That doesn't mean you should trust Google. Do not trust Google.
Q: What about GPS apps?
A: GPS apps are the most exploited function/app of a smartphone. Not only do private companies exploit the data but bad guys and our government do, too. So my advice is what I did for my Dad. He suffers from dementia and tends to wonder off. We got a Metro PCS smartphone and the sole use is for tracking my Dad with a GPS app. If you want a GPS, use a separate device.
An example of a GPS smartphone app scam recently happened in Chester County, PA. Bad guys hacked GPS apps and sent fraudulent email traffic tickets to unsuspecting motorists. (2)
References:
1) Apple's App Store infected with XcodeGhost malware in China after major security breach. China;s "Great Firewall" may have been partly to blame for the first major attack on Apple Inc’s (AAPL.O) App Store, but experts also point the finger at lax security procedures of some big-name Chinese tech firms and how Apple itself supports developers in its second biggest market. A malicious program, dubbed XcodeGhost, hit hundreds – possibly thousands – of Apple iOS apps, including products from some of China’s most successful tech companies used by hundreds of millions of people. (Reuters)
2) Beware of This Crazy Speeding Ticket Scam; Philadelphia-area residents have been targeted, and the level of information the perpetrator has is downright scary. The Tredyffrin Police Department in Chester County announced the speeding ticket scam this week, explaining that three local residents reported receiving emails notifying them of speeding infractions. Tredyffrin doesn't have speed cameras, and the police say that they have nothing to do with these citation notices, but here's the thing: The residents were, in fact, speeding at the locations cited in the citations. How is this possible? Well, investigators suspect that a hacker has exploited a security flaw in some GPS-enabled smartphone apps. (Philly Magazine)
Unsolicited commercial email may be a privacy and/or security violation under the Federal Trade Commission of the United States of America. SPAM should be forwarded to uce@ftc.gov.