A prodigious 18-year-old bug hunter from Chicago has discovered and reported a critical vulnerability in a LinkedIn social button that could have been abused to harvest LinkedIn user information, some of which may not have been public.
Software developer Marco Chiappetta has built a Google Chrome extension that can detect attempts to fingerprint text using the "zero-width character" technique.
Around 20% of today's top VPN solutions are leaking the customer's IP address via a WebRTC bug that has been known since January 2015 and that some VPN providers have apparently never heard of.
Several Facebook users who downloaded an archive of their Facebook data in the wake of the Facebook-Cambridge Analytica scandal discovered this week that the social network's mobile applications have been recording —in some cases— much more information than most people were expecting.
Starting with Firefox 60 —expected to be released in May 2018— websites won't be able to use Firefox to access data from sensors that provide proximity distances and ambient light information.
Malicious app developers can secretly abuse a macOS API function to take screenshots of the user's screen and then use OCR (Optical Character Recognition) to programmatically read the text found in the image.
Strava, a fitness tracking application that logs users' movements as they cycle, surf, or jog, has accidentally exposed or confirmed the location of various military bases and facilities all over the world.
Last week, the US Customs and Border Protection (CBP) agency published a new guideline containing updated procedures for searching travelers' electronic devices at US borders.
Two security researchers —Vangelis Stykas and Michael Gruhn— have published a report on a series of vulnerabilities that they named "Trackmageddon" that affect several GPS and location tracking services.
Princeton privacy experts are warning that advertising and analytics firms can secretly extract site usernames from browsers using hidden login fields and tie non-authenticated users visiting a site to their profiles or emails on that domain.
For the second year in a row, "123456" remained the top password among the millions of cleartext passwords exposed online thanks to data breach incidents at various providers.
Google announced plans to crack down on Android applications that fail to warn users when they are collecting personal data. The OS maker is giving app developers 60 days to fix their issues and update apps with notifications of their full practices. In case app developers fail to comply, Google will take it upon itself to warn users
A collaborative effort between the Yale Privacy Lab and Exodus Privacy has shed light on dozens of invasive trackers that are embedded within Android applications and record user activity, sometimes without user consent.
Germany's Federal Network Agency (Bundesnetzagentur), the country's telecommunications agency, has banned the sale of children's smartwatches after it classified such devices as "prohibited listening devices."
The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses.
User targeting capabilities provided by mobile advertisers can also be abused to track users with an accuracy of 8 meters and for a budget of $1,000 or less.