TruthFinder: Dark Web Scan Reseller

January 3, 2019

TruthFinder, founded in late 2014 or early 2015, provides background check services. We wanted to document that the firm offers Dark Web scans.

The company states:

Our new Dark Web Monitoring feature is an indispensable tool for people who want to protect their identity from data breaches. You can monitor your sensitive personal information — like your name, phone number, and even credit card number — and receive an instant notification if your data is found on the Dark Web. Cybercriminals buy and sell personal information on the Dark Web every day, but with TruthFinder, you can reduce your chances of becoming a victim of identity theft.

According to the company’s Web site, these services are provided by Experian. DarkCyber believes that Experian obtains Dark Web scanning services from another third party.

The firm also provides public records data to its customers. The services are provided on a fee basis.

In an interview published by Superbcrew, TruthFinder stated:

TruthFinder is also an essential resource for online daters and those who routinely interact with strangers online. With just a quick search, online daters can make sure they’re talking to a real person and not getting catfished. People can also use this service to see if people have prior criminal records, which is one of the many ways TruthFinder helps people stay safe in the real world.

Note: A “catfish” is someone who pretends to be someone else online. The idea is that an individual adopts a persona in order to mask his or her actual identity.

A customer can search by name, phone number, email address, or physical address. The company offers reverse address lookup (who lives at this address?) and reverse phone look up (who has this phone number?).

A TruthFinder report is assembled from the data the company pulls from various data sources. A report, presumably generated by the TruthFinder system, typically offers:

  • Personal Information: Your name, known aliases, and date of birth
  • Possible Photos: TruthFinder crawls images from various social media profiles, including those you may have forgotten existed
  • Jobs and Education: A list of places you have worked and studied, including relevant dates
  • Possible Relatives: View the name, age, and location of people who may be related to you
  • Related Links: Related links may include blogs, relevant news stories, and additional social profiles
  • Contact Information: View landlines, cell phone numbers, and email addresses associated with your name
  • Location History: A list of places you have lived, including the date you were last seen at the location
  • Criminal Records: TruthFinder reports may include arrest details, the outcome of the case, and prison status, when available
  • Sex Offenders: View a map of nearby sex offenders, details of their crime, and links to view their full background report
  • Social Media Profiles: Uncover social media profiles associated with your name, including accounts you may have forgotten
  • Assets
  • Evictions
  • Business associates.

DarkCyber wants to point out that Dark Web scanning is now an item on a punch list, not a rarified service available only to law enforcement and intelligence professionals. TruthFinder’s help section states that reports begin at about $30. An annual subscription runs about $280 per year.

Kenny Toth, January 3, 2019

About Those VPNs

December 26, 2018

News and chatter about VPNs are plentiful. We noted a flurry of stories about Chinese ownership of VPNs. We receive incredible deals for VPNs which are almost too good to be true. We noted this write up from AT&T (a former Baby Bell) and its Alienvault unit: “The Dangers of Free VPNs.”

The idea behind a VPN is hiding traffic from those able to gain access to that traffic. But there is a VPN provider in the mix. From that classic man in the middle position, the VPN may not be as secure as the user thinks.

The AT&T Alienvault viewpoint is slightly different: VPNs are the cat’s pajamas as long as the VPN is AT&T’s.

We learned from the write up:

Technically, VPN providers have the capacity to see everything you do while connected. If it really wanted to, a VPN company could see what videos you watched, read emails you send, or monitor your search history.

The write up points out without reference to lawful intercept orders, national security letters, and the ho hum everyday work in cheerful Ashburn, Virginia:

Thankfully, reputable providers don’t do this. A good provider shouldn’t take any logs of your activity, which means that although they could theoretically access your data, they discard it instead. These “no-log” companies don’t keep copies of your data, so even if they get subpoenaed by a government agency, they have no data that they can hand over. VPN providers may take different types of logs, so you need to be careful when reading the fine print of any potential provider. These logs can include your traffic, DNS requests, timestamps, bandwidth and IP address.

The write up includes a “How do I love thee” approach to the dangers of free VPNs.

Net net: Be scared. Just navigate to this link. AT&T provides VPN service with the goodness one expects.

By the way, note the reference to “logs.” Many gizmos in a data center offering VPN services maintain logs. Processing these auto generated files can yield quite useful information. Perhaps that’s why there are free and low cost services.

Zero logs strikes Beyond Search as something that is easy to say but undesirable and possibly difficult to achieve.

Are VPNs secure? Is Tor?

In January 2019, Beyond Search will cover more dark cyber related content. More news is forthcoming. Let’s face it enterprise search is a done deal. The Beyond Search goose is migrating to search related content plus adjacent issues like AT&T promoting its cheerful, unmonitored, we’re really great approach to online.

Stephen E Arnold, December 26, 2018

Search for a Person in China: Three Seconds and You Are Good to Go

December 26, 2018

I read “Welcome to Dystopia : China Introduces AI Powered Tracking Uniform in Schools.” The article explains that “China has started to introduce school uniforms which track pupils all the time.”

The “all” is problematic. A student equipped with the new uniform has to take it off, presumably for normal body maintenance and the inevitable cleaning process.

The overstatement, I assume, is designed to make the point that China is going to keep social order using smart software and other tools.

The new uniform  “comes with two chips embedded in the shoulder areas and works with an AI-powered school entrance system, which is equipped with facial recognition cameras.”

Combined with other monitoring gizmos, the question, “Where’s Wong? can be answered in a jiffy. The write up explains:

The entrance system, powered by facial recognition camera, can capture a 20-second-long video of each pupil going in or coming out of the school. The footage will be uploaded onto an app in real time for teachers and parents to watch.An alarm will go off if the school gate detects any pupil who leaves the school without permission,

The article suggests that location and identification takes seconds.

One presumes the search results will be objective and ad free.

Stephen E Arnold, December 26, 2018

Google Privacy Stumbles Over a New Hurdle

November 28, 2018

Out of the frying pan and into the fire for the world’s biggest search engine. The more Google tries to grow, the more it seems to stub its toe on privacy issues. We were treated to the latest episode of this soap opera recently when we read a Next Web story, “Google’s Ethical Black Hole Swallows Deepmind’s Best Intentions.”

In short, healthcare startup, Deepmind, was sold to Google. Despite Deepmind’s promise that client info would not be sold, experts are not convinced that they can trust Google yet.

“There’s good reason for privacy advocates to be concerned, but perhaps the news would be received differently if Google hadn’t spent all year destroying the consumer trust it’s cultivated over the past decade…DeepMind, for its part, says the private data won’t end up connected to Google accounts.”

Additional criticism of Google appears in Fortune Magazine’s “Google Is Accused of ‘Tricking’ Users Into Sharing Location Data Under the EU’s Strict New Privacy Laws.” The magazine reports that a document prepared by the Norwegian Consumer Council explains some of Google’s more interesting methods of obtaining information about a user’s behavior. The tracking vector makes use of Android, Google Maps, and some technical ornaments.

If you want to read the full report, navigate to this link. Fortune included many ads in its short write up, but managed to leave out the link to the source document.

Ah, modern “real” journalists. Ah, Google, always eager to give users control and ways to improve one’s experience.

Patrick Roland, November 23, 2018

Tor: A Reason for Enthusiastic Discussion

October 21, 2018

The Tor Web browser was designed by the Naval Research Institute to protect journalists, human rights activists, and freedom fighters avoid detection in authoritarian governments. However, bad actors also use the browser to power the Dark Web to sell drugs, child pornography, weapons, illegal goods, participate in human trafficking, offer assassination services, and more. Homeland Security investigates in the story, “Is Tor Doing More Harm Than Good? Experts Weigh Costs Of Dark Web.

In May 2018, Virginia Tech held a Dark Web forum that discussed Tor’s impact and whether it was a force for good or bad. The Tor browser is very much like the Internet. When the Internet was first launched it was lauded as a force for good, increasing access to information, communication between people, and more. With the good came the bad, including a new level of crime soon dubbed cyber crimes ranging from child pornography to selling illegal goods. Sound familiar? The Tor Project is supposed to be a force for good and the US State Depart, National Science Foundation, and individuals fund it. Is it worth continuing

“ ‘It’s becoming a place where certain classes of criminals can act with impunity,’ said Gareth Owenson, a senior lecturer in the School of Computing at the University of Portsmouth. ‘At the moment, the U.S. government funds Tor because it believes it is a force for good, that it is promoting human rights in other countries. My view, having studied it for almost five years now, is that overwhelmingly the harm outweighs the good.’”

Eighty percent of the Dark Web sites are dedicated to child pornography in 2014, but it has been reduced to forty percent as of 2018. Bitcoin and other crypto currencies also power the Dark Web. Anonymity is the big draw to the Tor browser and crypto currencies.

Is Tor able to deliver anonymous Web browsing? Sure it is.

Whitney Grace, October 21, 2018

Google: Privacy May Be a Relative Concept

October 3, 2018

Google is concerned about its users privacy. It has options for users to turn off data sharing to protect their privacy. Google says it has these options…supposedly. Fortune shares how Google is breaking its privacy promises in the article, “Google Admits That It Lets Outside Services Share Your Gmail Data.” Google said last year that it would stop scanning users’ emails for keywords to use for targeted ads, but they lied.

When confronted with the deception, Google admitted to the subterfuge and also that they allow third parties to share user information with other third parties. The third parties are supposed to alert users how their information is being used. Does that happen? Probably not.

We learned:

“As Google explained in a blog post following the initial story, the kinds of third-party services that it allows to plug into Gmail include email clients, trip planners and customer relationship management systems. These services, which Google claims to thoroughly vet, typically read emails in an automated way, although humans do sometimes read them too. Users need to actively permit the apps to access their Gmail accounts, and they can revoke permission afterwards. However, Google’s blog post did not talk about the possibility of those third-party services sharing users’ data with other third parties.”

Users apparently had no idea that their data was being shared and Google did not inform them. Google’s privacy policy is broken and they might get away with it in the US, but Europe requires way more transparency. Once again this more proof that the almighty dollar trumps user protection.

Whitney Grace, October 3, 2018

Web Search with Privacy: SearX

August 24, 2018

For far too long we have been living in the Wild West of search: there are too few rules and personal data has been far too fluid. While we wait for the Googles of the world to change their policies (fat chance!) the time has come to find alternatives for those of us who care about keeping their privacy a top priority. We learned more about this revolution from a Make Use Of story, “Avoid Google and Bing: 7 Alternative Search Engines That Value Privacy.”

According to the story:

“Functionally, SearX is a metasearch engiyne, meaning it aggregates data from a number of other search engines then provides you with the best mix available. Results from several of the other search engines on this list—including DuckDuckGo, Qwant, and StartPage—are available. You can customize the engines that SearX uses to find results in the Preferences menu.”

Is a new search engine the answer? Probably not likely. In another time, we might point to the idea that the world has room for more search engines, but with the rise of voice search and the amount of money needed to research this type of thing, the odds of a new search engine taking over for Google or the like is very much impossible. There are other privacy centric Web search systems; for example, Unbubble.

The question becomes, “Are these systems private, or are the data available to authorities with the proper documentation?” Marketing is different from privacy for some people.

Patrick Roland, August 24, 2018

A New Cyber Angle: Differential Traceability

August 20, 2018

Let’s start the week with a bit of jargon: differential traceability.”

How do you separate the bad eggs from the good online? It’s a question we’ve all been wracking our brains to solve ever since the first email was sent. However, the stakes have grown incredibly higher since those innocent days. Recently, some very bright minds have begun digging deeply into the idea of traceability as a way to track down internet offenders and it’s gaining traction, as we discovered from a Communications of the ACM editorial entitled: “Traceability.”

According to the story, it all comes down to differential traceability:

“The ability to trace bad actors to bring them to justice seems to me an important goal in a civilized society. The tension with privacy protection leads to the idea that only under appropriate conditions can privacy be violated. By way of example, consider license plates on cars. They are usually arbitrary identifiers and special authority is needed to match them with the car owners.”

Giving everyone a tag, much like a car, for Internet traffic is an interesting idea. However, much like real license plates, the only ones who will follow the rules will be the ones who aren’t trying to break them.

This phrase meshes nicely with Australia’s proposed legislation to attach fines to specific requests for companies to work around encryption. Cooperate and there is no fine. Fail to cooperate, the company could be fined millions per incident.

Differential? A new concept.

Patrick Roland, August 20, 2018

Google and GPS Tracking

August 13, 2018

You will want to chase down the full text of “Google Tracks Your Movements, Like It or Not.” I read the AP story in Chron. Note that I try not to quote from AP stories because I have zero desire to get involved in a fair use hassle with a large entity like the AP.

The main point of the story, which I assume is accurate, is that Google tracks where its customers go. The location data functions of a mobile phone provide the stream of data. The story asserts that Google collects these data even if the user has made changes to the default settings in the mobile device to disable tracking.

My understanding of the news report is that Google says a user can disable tracking. The AP story asserts that Google is not telling the truth. Thus, the AP asserts, Google possess location data on more than one billion users.

The AP story reports that Google says it is following the white lines set forth in its configuration tools exposed to the user.

Beyond Search finds the assertions interesting. The sources cited in the article include a university researcher from Yale and a graduate student at University of California-Berkeley.

Geolocation functions are “baked in” to most mobile devices. Numerous companies make use of these data. Some companies assert that they can derive location data by cross correlating a range of user generated data inputs. Microsoft invested in Hyas, a firm which allegedly has such capabilities. Our research suggests that Amazon has a similar capability for certain customer applications as part of its streaming data marketplace platform.

Many mobile devices make it possible to obtain location data even when the device is turned off and software settings are configured to disable location information. Specialist firms can disable the GPS circuitry to create “dark phones.” One rumored device with these capabilities is produced in the Middle East. If one has a mobile with a removable battery, the device goes “dead” when power is cut off. Also, Faraday bags make it difficult for monitoring and receiving devices to capture a mobile device’s location. (One option is the Blackout Faraday Shield, and there are bags which cost as little as US$10.)

Net net: The AP story seems to be more about Google doing something in an underhanded way than about GPS data widely used by law enforcement and intelligence professionals.

Beyond Search thinks the story would be more interesting if workarounds like the Faraday bag option were explained. Informed consumers can easily protect their location if and when desired. The singular focus on Google is less useful than a broader, more informed look at GPS usage.

When you read the original AP full text story, you can decide if the write up has an anti Google bias. In Harrod’s Creek, use of GPS data is routine. Google is continuing its personalization methods which have been part of the firm’s systems and methods for many years.

Finding fault with successful online companies may be the new blood sport for traditional news and publishing enterprises anchor4ed in the world of print.

Stephen E Arnold, August 12, 2018

Are Some Google Docs Exposed to Web Indexing Systems?

July 21, 2018

Recently, Russian search giant Yandex reported seeing Google Docs turn up in search results. Previously, this was thought to be impossible. However, this brings up a lot of questions that others have taken for granted: namely, how secure are documents on the cloud? This was looked at more closely in the Media Post story, “Private Google Docs Serve Up In Yandex Search Engine Results.”

According to the story:

“[O]ther search engines can only serve up Google documents that had either been deliberately made public by its authors or when a user publishes a link to a document and makes it available for public access and search… Saving and protecting users’ personal data is our main priority for search engines. A Yandex spokesperson said the search only yields files that don’t require logins or passwords.”

For its part, Google appears to deflect the Yandex observation. Regardless, the Yandex assert arrives near the muddy heels of other security woes like the idea that our Gmail messages and their content could be used by developers. With the Android matter behind it, the EU may look at access to certain Google content.

Patrick Roland, July 21, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta