Blogue | Internet Cloud Canada | Informations & Services

19 Avr

Twitter moves all NON-US Accounts to Ireland

What's behind this?

The rumors are numerous regarding the amendment made by Twitter this week regarding their terms of use. Basically, Twitter moves all data of Non-US accounts to Ireland.

Originally, it was Twitter USA, based in San Francisco, CA who controlled all the data and accounts. A new division in Ireland now has all of the world accounts except those in the United States.

Circumvention of US laws

Moving data in Ireland, bypasses the current Laws in force in the United States, as much as to prevent future laws that may apply. It also repels most intelligence agencies to be able to ask to check those informations with a warrant.

Is there a desire to circumvent the laws and get away from the Federal Intelligence Agency (NSA)? It is interesting to ask the question, especially when you know that Facebook has also made this kind of data movement, also in Ireland.

Commercial Advantage

Most likely, we think that doing a change in this way, it is more a commercial advantage and a desire to have more money on data management and operations. Ireland does not have the same laws as the United States. The laws are more laxist in terms of rights to confidentiality and privacy.

This leaves room for a benefit of using data for user-targeted advertising, expoiting the personal information of each users. There is much more global users of Twitter users than Americans users. Easy to see the benefits of such a change.

Data Privacy

We should be concerned by how our personal informations are used on social networks such as Twitter and Facebook. The constant search for profits and the pole position on the advertising market will establish whether intentionally or not personal data breaches for sure.

The search for more flexible laws involves an element of risk that criminals also have more latitude to operate in these permissive legal contexts. As Canadians, we are in the same boat as the rest of the world, our data is sent in Ireland.

Twitter takes advantage of the 2 sides!

First, they decentralize your personal informations in order to use it in a less restricted legal context. The stated goal: Make targeted advertising on a vast scale by charging advertisers.

On the other hand, advertisers pay to put forward their brand to targeted users (gender, age, location etc.). But Twitter mentions loudly that we can use « aliases » in order to have control over our personal information.

By allowing pseudonyms, the target audience is biased. When Rolland 54, teacher with a living 90K per year will select a username and create a Twitter account, I doubt that he will only changes its name …

Rolland will change his age group, his city, his country, who knows ?! Where is the targeted advertising?

Twitter assured people that their personal information is safe while doing a lot of profit on advertisers who do not have the quality of the target data they should expect if they were in a regulated country like United States.

Observations

Finally for those who believe that Twitter is trying to get rid of the NSA, note that in any data movement, there is possibility of intercepting it. Finally, for those who believe to be free to do whatever they want by having their account hosted in Ireland under pseudonyms, do not believe that it will give you the right to harass, manipulate, terrorize. You will be observed and tracked as needed.

Intelligence agencies have a lot of ressources. Right or wrong, these ressources are set in motion to protect the population. In those « transactions » like Twitter has done, we hope it do not give too much space to the enemy in certain situations where you need accurate information by the police departments.

When discussing on social networks and broadcasting your personal information or your activities, residence etc, be very careful. The internet gives an occasion to dehumanize the interaction, giving way to other kinds of predators that may be just as dangerous as all others!

19 Avr

Twitter déplace la majorité des comptes utilisateurs en Irlande!

twitter deplace la majorite des comptes en irlande

Quel est le but réel?

Les rumeurs vont bon train concernant la modification des règles d’utilisation de Twitter survenu il y a à peine quelques jours. En gros, Twitter déplace toutes les données des comptes Non-Américains en sol Irlandais.

Originellement, , c’est Twitter US, basé à San Francisco, CA qui contrôlait toutes les données et les comptes. Une filiale en Irlande possède désormais l’ensemble des comptes mondiaux sauf ceux des États-Unis.

Contournement des lois Américaines

Le fait de déplacer les données en Irlande, permet de contourner les lois actuelles en force aux États-Unis, autant que de se prévenir des futures lois qui pourraient s’appliquer. Cela éloigne aussi la plupart des agences de renseignements à pouvoir demander de contrôler ces données par un mandat judiciaire.

Y-a-t-il donc un désir de contourner les lois et se mettre à l’abri de l’agence fédérale de renseignements ( NSA ) ? Il est intéressant de se poser la question, surtout quand on sait que Facebook a procédé également à ce genre de déplacement de données, toujours en sol Irlandais.

Avantage commercial

Le plus plausible pour faire un changement de la sorte, c’est un avantage commercial, lucratif sur la gestion des données et de leur exploitation. L’Irlande n’a pas les mêmes lois que les États-Unis. Les lois sont plus laxistes en terme de droits sur la confidentialité et de la vie privée.

Ce qui laisse place à un avantage d’utilisation des données au niveau de publicité ciblée par utilisateur. Considérant qu’il y a beaucoup plus d’utilisateurs mondiaux de Twitter que d’utilisateurs Américains, en effectuant le calcul, nous voyons clairement les bénéfices d’une telle modification de l’hébergement des données.

Confidentialité des données

Il est certain qu’il y a à se poser la question de comment seront utilisés les informations personnelles que nous plaçons dans les réseaux sociaux tel que Twitter et Facebook. La recherche constante de profits et de prise de contrôle du marché publicitaire vont intentionnellement ou non établir des brèches dans les données personnelles.

La recherche de lois plus souples comporte une part de risque que les criminels ont aussi plus de latitude à opérer dans ces contextes légaux permissifs. En tant que Canadiens, nous sommes dans le même bateau que le reste du monde, nos données sont envoyées en Irlande.

Twitter tire un avantage des 2 côtés!

D’une part, ils retirent vos informations et les décentralisent pour pouvoir les utiliser dans un contexte légal moins restreint. Le but avoué : Faire de la publicité ciblée à vaste échelle en faisant payer des annonceurs.

De l’autre part, les annonceurs payent pour mettre de l’avant leur marque à des utilisateurs ciblés ( sexe, âge, localisation etc. ). Or, Twitter mentionne haut et fort que nous pouvons utiliser des « pseudonymes » pour pouvoir avoir le contrôle sur nos informations personnelles.

En autorisant les pseudonymes, la clientèle cible est biaisée. Quand Rolland 54 ans, professeur avec un niveau de vie de 90K$ par année choisira un pseudonyme et créera un compte Twitter, je doute qu’il ne change uniquement son nom…

Rolland changera son groupe d’âge, sa ville, son pays, son niveau de vie qui sait?! Alors publicité ciblée mon oeil!

Twitter sort gagnant en rassurant les gens que leurs informations personnelles sont à l’abri tout en faisant énormément de profit sur les annonceurs qui n’ont plus la qualité des données cibles qu’ils devraient escompter si celles-ci étaient dans un pays réglementé comme les États-Unis.

Observations

Enfin pour celles et ceux qui croient que Twitter agit afin de se prémunir d’un contrôle de la NSA, notez que dans tout mouvement de données, il y a possibilité d’interception de celles-ci. Enfin pour les autres qui croient être à l’abri en ayant leur compte hébergé en Irlande sous des pseudonymes, ne croyez pas que cela vous donnera le droit de harceler, manipuler, terroriser. Vous serez observés et traqués au besoin.

Les moyens dont possèdent les agences de renseignements sont immenses. Bien ou mal, ces moyens sont mis en branle pour protéger les populations. la seule chose à espérer c’est que ce genre de « transactions » comme Twitter a fait, ne donnent pas trop de coups d’avance à l’adversaire dans certaines situations où il faut de l’information précise par les services policiers.

Soyez toujours très prudent en discutant sur les réseaux sociaux et en diffusant vos informations personnelles ou sur vos activités, lieu de résidence etc. L’internet permet de déshumaniser les rapports, ce qui donne place à des prédateurs d’un autre acabit qui peuvent se révéler par contre tout aussi dangereux!

18 Avr

How to perform a Audit Check of your Website

All firms, small and big ones should conduct a security audit on their data structures and their website. Every owner or manager of a website must lead at regular intervals a security audit to determine if everything is secure.

Because of the frequent changes that are made in the technology and softwares, security auditing is essential as a prevention tool but also for planning future equipment needs, programming and logistical support.

How to conduct a security audit?

Before driving a security audit, you must do some planning (pre-audit) and organizing this recurring task. An infrastructure plan should be done. If you have a small system, you can always write down the brand, model, drive capacity and memory, software versions, proof of purchase and warranty.

You should then make a short summary of what constitutes the infrastructure. Mentioning how many computers are in the network, internet access point, routers, switches, wiring, where are these facilities and who is the internet provider with the account number and the annual cost of the solution.

Then you determine if your security audit is done globally or if it is done in portions all year long. You might determine to check that online transactions meet the standards every 6 months, but keep an audit of physical security every 3 months. In addition, you may establish a software audit annually.

A possible division of audits should respect your budget, be well targeted in dates in order to have all relevant human resources available during the audit.

It is useful to clearly define the objectives of the audit of each departments according to their environment by clearly stating the degree of sensitivity of the data passing through. All policies and procedures or guidelines should be classified in handwritten files made available to all and clearly identified.

Remember that security auditing is used to enforce security, it is a development tool for systems and data. Do not search for things not done as demanded rather to improve the situation by taking the current pulse of the situation.

The Checklist

Depending on the type of organization in which you operate, the elements constituting the safety audit will increase. Even in small businesses you should have these basic elements:

– Check the protection of passwords;

– Check open and accessible network ports;

– Whether it is possible to do SQL Injection;

– Determine whether the backups and supports are adequate in number and quality;

– Check that the updates are done on a regular basis and all softwares are up to date;

– Check vulnerabilities of servers : Their location, their age, the risk of damage etc.

In a wider audit plan, there are hundreds of factors that are to be assessed by high risk, medium or low risk. It is necessary to determine a schedule for each of these items and vote a budget to solve them instead of seeing the list grow in number.

The problems often come at the worst time. The failure to conduct security audit not only exposes you to hackers and data loss but also the contingencies and misfortunes.

If you are vulnerable at all points of view, you will certainly not fulfill your short or medium term mission.

Internet Cloud Canada conducts comprehensive security audits for all types of organizations. Our solution allows you to develop your business and ensure the quality of data processing!

Open Solutions for audit check

Every origanizations have differents goals, budget and views of security audits. There’s open solutions available. They do not give the full state of your business vulnerabilities, but it’s better than nothing at all!

For LINUX, the following testing and auditing tools can inform you about some flaws in your systems.

You can also use the free or near-free online scan solutions to identify some vulnerabilities.

Conclusion

Whatever the nature of your organization or its size or complexity, you have to drive minimally a security audit annually and ensure to include as much informations possible to make good decisions that will shape your future.

If you need some advices or find that open solutions do not meet your needs or are too complex, our technicians will be happy to conduct your security audits for you.

We include in our audits: DOM-Based Cross-site Scripting, Reflected Cross-site Scripting, verifying all credentials and passwords, tests of the security certificates (https), PCI standards for online merchants, correct encoding of Data in HTML, checking the physical safety of the equipment and its environment. The audit we drive will be aligned with your objectives and your budget!