CookieBot Report: 25 of 28 EU Government Websites not GDPR Compliant

Last night I came across an interesting study that just makes me shake my head. This would be the news that, according to a new study by researchers at a fringe company known as “CookieBot,” 25 of 28 Government websites across the European Union (EU) are actively hosting ad tech trackers on their websites. This marks a significant discovery because this sort of activity logging is strictly forbidden under GDPR rules and regulations designed to protect user anonymity and data confidentiality online.

To gather results, researchers scanned 184,683 pages affiliated with 28 .gov domains, discovering “third-party advertising technology (ad tech) trackers from 112 companies” on 89% of the pages scanned. CookieBot claims that the vast majority of these sorts of trackers were discovered on third-party plugins installed on the Governments’ pages, including plugins for things like “video players, social sharing widgets, web analytics, galleries and comments sections.” Other trackers were secretly installed to gather information on a visitor’s health condition so that they could later be targeted by ads for it, a practice strictly forbidden under Article 9 of the GDPR dating back to 2019. Through it all, the only countries found to be in full compliance with their own laws were Germany, Spain and the Netherlands. I could explain the results/methodology of the study in more detail, but I’d rather just have you read it for yourself – enjoy.

Read More – About How Other EU Policies Have Violated User Privacy/Security Online: https://roguemedia.co/2018/11/10/another-day-another-wordpress-plugin-designed-to-comply-with-eu-law-compromised/
Download CookieBot’s Report for Yourself: https://www.cookiebot.com/media/1121/cookiebot-report-2019-medium-size.pdf
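
A site owner can run the same kind of check on their own pages. The sketch below is an added example, not CookieBot's scanner and not code from the original post: it lists the third-party hosts that a page's static HTML makes the browser contact. The `.example` domains, the sample HTML and the two-label `site_of` heuristic are constructed assumptions.

```python
from collections import defaultdict
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tags that make the browser fetch a resource, and the attribute holding its URL.
FETCHING = {"script": "src", "iframe": "src", "img": "src", "embed": "src", "link": "href"}

def site_of(host):
    """Last two DNS labels. Assumption: a real audit would use the Public Suffix List."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

class ThirdPartyAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.first_party = site_of(urlsplit(page_url).hostname)
        self.found = defaultdict(set)  # third-party host -> tags that load from it

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(FETCHING.get(tag, ""))
        if not url:
            return
        # <link> is only counted when it pulls in a stylesheet (not rel="canonical" etc.).
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower().split():
            return
        # Resolve relative and protocol-relative (//host/path) URLs against the page.
        host = urlsplit(urljoin(self.page_url, url)).hostname
        if host and site_of(host) != self.first_party:
            self.found[host].add(tag)

def audit(page_url, html):
    """Return {third-party host: [tags that load from it]} for one page's static HTML."""
    parser = ThirdPartyAudit(page_url)
    parser.feed(html)
    return {host: sorted(tags) for host, tags in parser.found.items()}

# Constructed sample page; every domain below is made up for illustration.
SAMPLE_URL = "https://www.ministry.example/health/asthma"
SAMPLE_HTML = """
<link rel="canonical" href="https://other.example/x">
<link rel="stylesheet" href="https://static.ministry.example/site.css">
<script src="/js/site.js"></script>
<script src="//share.social-widget.example/button.js"></script>
<iframe src="https://player.video-widget.example/embed/42"></iframe>
<img src="https://px.adtech.example/t.gif?u=/health/asthma" width="1" height="1">
"""

if __name__ == "__main__":
    print(audit(SAMPLE_URL, SAMPLE_HTML))
```

Static HTML gives only a lower bound: a script loaded on first render can inject further third-party requests at runtime, which only a browser-based crawl will see.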


Another Day, Another WordPress Plugin Designed To Comply with EU Law Compromised

As was reported by Catalin Cimpanu of ZDNet yesterday, November 9th 2018, earlier this month researchers discovered vulnerabilities in a new WordPress plugin used to help site owners comply with GDPR laws passed by the European Union earlier this year. According to Cimpanu, the WP GDPR Compliance plugin produced by Van Ons was affected, potentially compromising over 100,000 WordPress owners who had already installed it on their sites before November 2018.

“Hackers have exploited –and are currently continuing to exploit– a now-patched zero-day vulnerability in a popular WordPress (WP GDPR Compliance) plugin to install backdoors and take over sites,” Cimpanu explained, adding that “this backdoor script contains a file manager, terminal emulator, and a PHP eval() function runner,” allowing hackers to install further payloads at their discretion. “The second and supposedly more silent technique involves using the WP GDPR Compliance bug to add a new task to WP-Cron. The hackers’ cron job downloads and installs the 2MB Autocode plugin, which attackers later use to upload another backdoor script on the site.”

It is important to note that Van Ons pulled the plugin off WordPress earlier this week, before placing it back online on November 7th – after the 0day vulnerability was patched. The plugin is safe to install today, but all of the sites that installed previous versions of the plugin before November 7th are still potentially compromised.

I don’t bring this story up to fill air time or report what Catalin Cimpanu has already reported a second time, just using different words. I bring this up because last year I had my website compromised by a different WordPress plugin, also designed to help website owners comply with EU laws and regulations. More specifically, my website was compromised by the EU Cookie Consent widget placed on WordPress, mandated by EU law, which allowed 3rd parties to run crypto-miners in the background of the web browsers of visitors visiting my website. I also wasn’t alone; this scam compromised over 200 websites before it was first reported – that researchers could even confirm. However, given that the EU Cookie Consent widget comes pre-installed on every premium WordPress theme/account, there is no telling how many sites were actually affected by the hack.

Granted I am an American website owner and do not have to comply with EU laws if I don’t want to, what troubles me is the fact these plugins or widgets are only being installed so site owners can comply with EU law. In other words, these people are only being hacked because they are trying to follow the law. I was only hacked because I wanted to appear more professional and willing to appeal to a global audience. To this day I do not have to collect cookies if I do not want to; I do it to comply with GDPR rules so they can’t decide to limit my site or audience. Quite frankly, it is irresponsible for the European Union to force website owners to install all of these measures without releasing software guaranteed to help keep people/site owners safe when doing so. GDPR rules and regulations were designed to keep people safe, not make it easier to hack websites – something WordPress and the EU need to look at more carefully throughout the future.

Building/Selecting Safer Web Browsers

As I was going about re-configuring my website and domains earlier this week I noticed something very interesting: while my SSL Certificate was in the process of being authenticated, I was able to access my unsecured website on every web browser except for one, Mozilla Firefox, which would not allow me to connect to the web page in order to keep me protected.

Just so you understand what I am talking about here, browsers like Microsoft Edge, Google Chrome and Apple Safari will all freely allow you to access a web page which has the potential to compromise your security – including websites which do not have an authenticated or verified SSL Certificate. This is because these web browsers are configured to be “convenient” and easy to use; security is either nonexistent or an afterthought on these particular browsers. With that said, there are a number of web browsers out there specifically designed around security, which also happen to be equally easy to use/operate. Here are some of those browsers, along with some other helpful information to help you make more informed security choices online in the future.

Mozilla Firefox

Mozilla Firefox is considered by some to be the world’s most secure web browser. I say “some” specifically because many people would argue that Tor is actually the most secure browser out there. However, without Mozilla Firefox the Tor browser wouldn’t even exist. This is because Tor uses the source code of Firefox as the foundation to build their browser. As for why I personally consider Firefox more secure than Tor, this is because the DarkNet is inherently a much more dangerous place than the ClearNet, and you can’t access the DarkNet or Deep Web on Mozilla Firefox alone. Browsing through and interacting with the Deep Web, even while using Tor, naturally puts you and your security at a much higher risk.

What makes Firefox particularly unique is that, much like WordPress.com, the browser allows you to install various Add-Ons, extensions or plugins that can help you maximize your security. For the purposes of this article, if you are going to use Mozilla Firefox, I highly recommend that you install NoScript, Ad Blocker Ultimate and Disable WebRTC connections. There are more plugins than I could possibly mention here; those are just some of the most important ones you can install specifically in terms of online security.

WebRTC is a little-talked-about “glitch” that allows third parties to circumvent your security and compromise your systems, even when you are using a VPN or Proxy service. As of today, Mozilla is the only web platform I am aware of that allows you to disable all WebRTC connections entirely. By comparison, other browsers like Google Chrome literally ban people from disabling WebRTC connections through their browser, so as to allow US “authorities” like the NSA and FBI to more easily hack and track users online if need be. However, non-Government hackers exploit WebRTC all the same as Federal hackers, and for all the same reasons.

Download Firefox Here: https://www.mozilla.org/en-US/firefox/download/

Tor

I understand that the Tor Browser has gone on to develop a slightly negative reputation in today’s society but, believe it or not, the Tor Project was first developed by and still receives a majority of its funding from the United States Department of Defense. It is important to understand that even though some people use Tor to do some pretty bad or illegal things, just like anything else in life, the browser is only what you make of it.

Tor was not developed for criminals; it was first developed by the US Government in order to keep agents, operatives and members of the Armed Forces safe and secure online. It just so happens that over time the browser and its systems were hijacked by criminals and terrorists alike, who also need to remain hidden and secure online for many of the same reasons as Government employees.

The Tor browser works by bouncing your internet connection through thousands of individual “proxy servers” around the world on a perpetual randomized time loop. At any given moment in time your internet connection could be bouncing from Thailand to Venezuela to Canada and theoretically anywhere in between, concealing your computer’s identity and making your internet activity essentially impossible to trace. In addition to redirecting your internet traffic away from the eyes of your Internet Service Provider, it also conceals the IP Address of the computer you are using behind a proxy. This is particularly important/valuable for political activists and human rights defenders living in oppressive countries all around the world, where people’s online activity can get them arrested or killed. Since the browser directs all of your online activity to different countries around the world, this allows activists to remain hidden from their Governments while also granting them access to any sites banned or restricted by their respective Governments.

It is important to note that Tor is perhaps the best web browser at preventing or deflecting an active hacking attempt against your computer. However, I would never use Tor for things like credit card transactions or editing/customizing your personal website. This is because anytime you are using a proxy you are using someone else’s connection. While this may hide your internet activity from 3rd parties, it makes your internet activity available specifically to the owner of whatever proxy server you happen to be using at that time, and not every proxy server exists with honorable intentions – though “most” Tor exit node operators tend to be trusted activists.

Download Tor Here: https://www.torproject.org/download/download-easy.html.en

Opera

Opera is a little-known web browser that has traditionally had a minuscule following throughout the past. However, in 2016, Opera started to gain a more mainstream following, particularly with the cyber security community, after the browser started to become standard with a built-in VPN. This means that the Opera browser stands in front of your computer’s IP Address while you browse the internet and your activity will remain hidden from your Internet Service Provider and/or 3rd parties. While the VPN is far from the strongest or safest on the market, it is still a very unique feature that has helped the browser grow in popularity over the years.

Download Opera Here: http://www.opera.com/

Epic Privacy Browser

One of the newer browsers on the market, Epic is specifically designed around online security. Each time you close the browser all of your cookies and tracking information are automatically deleted, preventing any websites from remembering or recording your previous activity. Similar to Opera, the Epic Privacy Browser also connects your computer through the company’s own servers, acting as a proxy service for your device. This prevents any hackers/websites from recording the IP Address of the device you are using to browse the internet. Additionally, much like Mozilla, the browser will not allow you to connect with or access any site that does not have a recognized SSL Certificate.

Download Epic Here: https://www.epicbrowser.com/

Browser History, Cache & Cookie Management

If someone gains access to your computer for malicious reasons, one of the first things they are going to want to do is check your browser history to gain access to the websites and accounts that you frequent the most. Just think for a moment about all the pages you visit online that you do not need to log into every time you visit. While this may be convenient for your personal browsing habits, it is also very convenient for hackers.

For this reason, you should always delete your browser history and clear all browser cookies on a fairly regular basis. You would be surprised to know how much information your browser stores/remembers about you, until you delete it all. Please note that some browsers offer to delete cache and cookies through the settings menu and some anti-virus programs also offer to do the same. However, if you cannot find or do not own these programs, one of the best programs to clear history, cookies, cache and everything else is known as CCleaner and it is completely free and open source for anyone to own. The “C” in CCleaner literally stands for “Crap,” because the program deletes all of the useless crap your computer happens to store about you. The program itself is entirely free to own, but it is one of the most effective programs on the market. For example, even multi-billion dollar tech companies are known to use the program on a regular basis.

Download CCleaner Here: www.ccleaner.com/download