Kaspersky Antivirus Injected Unique Javascript Into Browsers

· · Link

Back in 2015, Kaspersky antivirus added a feature that made it possible for users to be tracked across websites, even in incognito mode.

The identifier, as reported Thursday by c’t Magazine, was part of a blob of JavaScript Kaspersky products injected into every page a user visited. The JavaScript, presented below this paragraph, was designed to, among other things, present a green icon that corresponded to safe links returned in search results…Kaspersky stopped sending the identifier in June, after Eikenberg privately reported the behavior to the AV company.

Google's New reCAPTCHA is an Invisible Tracking Beacon

· · Link

Google’s reCAPTCHA bot detector is now an invisible web beacon and currently on over 650,000 websites.

With reCaptcha v3, technology consultant Marcos Perona and Akrout’s tests both found that their reCaptcha scores were always low risk when they visited a test website on a browser where they were already logged into a Google account. Alternatively, if they went to the test website from a private browser like Tor or a VPN, their scores were high risk.

The Clever Cryptography Behind iOS 13 ‘Find My’

· · Link

iOS 13 ‘Find My’ combines Find My Friends and Find My iPhone. Apple says it uses Bluetooth signals from Apple devices even if they’re offline. And the encryption scheme it uses means that third party attackers can’t track Apple devices, and Apple can’t track them either.

In a background phone call with WIRED following that keynote, Apple broke down that privacy element, explaining how its “encrypted and anonymous” system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device. The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations.