Category Archives: Privacy


Zfone for Mac now available

Last month I blogged about Zfone. The Mac version is now out for public beta. A Windows version is expected for mid-April. Some aspects remind me of the PGPfone product of the last decade but updated to support the now common SIP protocol used by VOIP applications. However, unlike PGPfone, Zfone is not a standalone client but rather middleware that runs along side, and adds encryption capabilities, to a user’s already existing SIP softphone client.

In a related story, the VOIP and Gadgets Blog reports that Counterpath is set to release version 1.5 of its EyeBeam VOIP and video conferencing client – and one of the features is support for Secure Real-time Transport Protocol (SRTP) streams to secure the voice and video connections. While it is still extremely difficult to find a VOIP service provider that supports SRTP encryption, hopefully making the capability available to a wide group of potential users will generate demand and lead to the wider availability of more secure VOIP services.

TigerDirect and Privacy

TigerDirect does business in Ontario both through a retail outlet located in Markham as well as through online sales through Like other major retailers, TigerDirect advertises prices for some of its products that include the deduction of mail in rebates. However, TigerDirect utilizes a company called OnRebate, located in Florida, to process some or all of its rebates. OnRebate, as a condition of processing a rebate, requires TigerDirect customers to provide a verifiable e-mail address. Also, such customers must consent to receiving OnRebate’s newsletters and promotional material sent by or on behalf of its other third party customers. Canadian privacy legislation requires businesses doing business in Canada to only collect personal information to the extent required in order to provide a particular service. Why is an email address required in order to process rebates when the entire process is typically performed by mail? Is the rebate amount actually a true deduction from the purchase price of an item if the consumer must also provide an email address and consent to receive marketing materials (which both likely constitute additional consideration)? Hopefully TigerDirect has contractually obligated OnRebate to otherwise comply with Canadian privacy law requirements when performing services on behalf of TigerDirect in respect of Canadian customers.

2006-04-04 Follow up: Its been about 3 weeks and I’ve received email confirmation from OnRebate that they’ve “accepted” my rebate application. However, they advise that my cheque should be arriving in 10-12 weeks. Another 2.5 to 3 months. Meanwhile, they took the opportunity (in their notification email) to spam me with advertisements for TigerDirect even though I had specifically advised them that I did not want them using my email for any purpose unrelated to the processing of my rebate application.

Google to offer online storage

After notes were found in a Google presentation for analysts, stories are circulating that Google may have plans in the works for an online drive which can be used to store a copy of certain data on a user’s hard drive. There will probably be privacy concerns identified but I wonder how long it would be before someone develops a hack (an “enhancement”) that can encrypt the data before it is sent to Google’s servers.

Sierra Wireless, VOQ, Tiger Direct and Privacy

I noticed yesterday that TigerDirect was dumping Siera Wireless’ now discontinued VOQ Professional Phone at a really attractive price. The phone originally sold for about $500-600 about 18 months ago and at the time I was seriously considering buying it. Instead, I opted for a different smartphone and was glad that I did given Sierra Wireless’ decision to get out of the cell phone business.

In any case, I picked up one of the phones at the Toronto outlet store today. It was not labeled as used or refurbished and was made to look new. I got it home and started to look around. To my surprise, it contained 135 SMS messages (received throughout 2004 and early 2005), many of which obviously belonged the phone’s previous owner – he had quite an adventure to Meca and Medina in Saudi Arabia, and then was apparently looking for a house in Toronto. It contained birthday messages (so one would know his birthday) and his anniversary (two common items used for authentication by many businesses). It contained a password for something called Rogers Desktop (he was a Rogers Wireless subscriber) as well as activation codes for certain services. Amazingly, it also contained login credentials to access what appeared to be a corporate email account at Sun Microsystems. I’ve deleted everything but it just highlights to me the dangers of sending malfunctioning computer equipment to the manufacturers who then “refurbish” or “recondition” it without even going to the trouble of performing a “factory reset” to wipe the memory on the device. And it was disappointing that Tiger Direct does not prominently note that the product is factory recertified. Also, I guess the term factory recertified at Tiger Direct means that product could have been used for more than a year.

CRTC seesk comments on National Do Not Call List and Telemarketing Rules

The Canadian Radio-television and Telecommunications Commission (CRTC) has released a public notice asking for input on the development and operation of a National Do Not Call List (DNCL) and on telemarketing rules. The CRTC has been authorized to establish a national DNCL, select a third-party administrator for the national DNCL, and to levy administrative monetary penalties. The Commission will be holding a public proceeding to address many issues such as:

  • what the specific DNCL rules should be; and
  • which, if any, of the existing telemarketing rules continue to be necessary and appropriate
  • Washington Post leaves electronic crumbs

    I guess the Washington Post needs a refresher 101 course in electronic evidence. Seems they ran a story about a hacker whose identity there were trying to keep anonymous. So the newspaper provided only a few details about the hacker – his age, the fact that he smoked and a general description of three nearby businesses. A “modified” photo was also provided. However, it appears that the modified photo contained meta data that revealed the name of the photographer and the city where the photograph was taken (a small city of about 2.6 square miles and a population of only about 2,800 people). With those details, it would not be hard to identify the subject of the article.

    From cNET news