Awareness

I’ve previously written about the difficulties of keeping up to date with the current privacy policies of products one is using. Not only are they updated regularly, they are also long and complex. Here Mozilla, the non profit organisation behind Firefox among other things, have created Privacy not Included to help. Privacy not included is a tool where experts investigates the privacy of different products, and gives clear information both what is said in the policy and what data it collects (permissions, sensors on the device etc.). In addition to pure privacy related analysis, information about the basic security of the product as well as the use of AI is investigated. Even though Privacy not Included does not contain all products around the world, there are lots of them and some of the results are surprising. Enough so to get me to get stuck just reading the analysis while reading up for this post. And if there is a product missing that you would love to see investigated, there is an easy form to request products to be analysed in the future. ...

In today’s connected world every little store or office needs internet, and the usual way to implement that is by setting up a WiFi. There are endless products that allow for a plug and play experience for the less tech-savvy users. However, there are some common traps that someone inexperienced might fall into when setting up a network. In this post I will discuss some of these traps and what risk they might impose. ...

When looking at the communications of the major players in the operating system market (for both computers and smartphones) there are one company that repeatedly talks about privacy more than the others. The company I am thinking about is Apple. Their continuous talk about privacy got me curious, how do they handle their users privacy. And when curious it’s time to investigate, so I dug into their Privacy Policy (Updated June 1, 2021), and my thoughts resulted in this blogpost. ...

This investigation should not be taken as a full review of the browsers, but wishes to highlight the differences that different browsers have in how they handle user privacy. The test aims to give an overview, not describe in detail what each browser does or does not do. Methodology To perform this test I created a new virtual machine based on Windows MSEdge win10 VM. In this VM I installed the browsers intended to be tested, using the default configuration. After that I configured BurpSuite as a proxy for the VM, so that all traffic is routed through it. This way it will document all the traffic that the browser in the VM is sending. ...

Previously I’ve written a post about security for development teams, and now it’s time for the continuation. Just as for developer there are great benefits in performing security tests for administrators. However, the methodology when testing the infrastructure is not the same as when testing an application. In this post I’m going to introduce categories of testing for administrators in much the same way as I did for developers, allowing any team to begin thinking about security and performing basic security testing. The categories proposed can also be adapted to be used as requirements, more so than the ones used for developers. This is since they are easier to apply regardless of what solution is tested. ...