The most famous man on the lam, NSA whistleblower Edward Snowden, has answered reader questions in a live Q&A on the Guardian’s blog. Snowden skyrocketed to international fame/infamy after leaking a top-secret court order about the National Security Agency’s collection of all U.S. Verizon phone records.

After disappearing from his Hong Kong hideaway, Snowden resurfaced for the online Q&A. You can read the full transcript on The Guardian; we’ve summarized the best of it below (edited for brevity and clarity).

Passion, Righteous Passion

“All I can say right now is the US Government is not going to be able to cover this up by jailing or murdering me. Truth is coming, and it cannot be stopped.”

On Tech Company Denials

“Their denials went through several revisions as it become more and more clear they were misleading and included identical, specific language across companies….They are legally compelled to comply and maintain their silence in regard to specifics of the program, but that does not comply them from ethical obligation. If for example Facebook, Google, Microsoft, and Apple refused to provide this cooperation with the Intelligence Community, what do you think the government would do? Shut them down?”

On Traitor Accusations

“I did not reveal any US operations against legitimate military targets. I pointed out where the NSA has hacked civilian infrastructure such as universities, hospitals, and private businesses because it is dangerous. These nakedly, aggressively criminal acts are wrong no matter the target….I have had no contact with the Chinese government. Just like with the Guardian and the Washington Post, I only work with journalists.”

“Further, it’s important to bear in mind I’m being called a traitor by men like former Vice President Dick Cheney…Being called a traitor by Dick Cheney is the highest honor you can give an American”

Encryption Works, Kind Of

“Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it.”

Context: There are several popular applications to skirt government snooping, but none are perfect. Apple claims, for instance, that because only the sender and receiver of an iMessage SMS can decrypt the data on their respective devices (end-to-end decryption), their service is NSA-proof. End-to-end encryption is far more difficult when the sender and receiver are using different services that may be tapped by the NSA. For secure Internet surfing, the popular anonymous web browser TOR has a thorough how-to blog post. But, if Snowden is to be believed, the NSA has ways of finding most people even with encrypted services.

Mainstream Media: Hot Girlfriend > Massive Surveillance

“Unfortunately, the mainstream media now seems far more interested in what I said when I was 17 or what my girlfriend looks like rather than, say, the largest program of suspicionless surveillance in human history.”

Mandatory pat-on-the-back: TechCrunch has never posted pictures of Snowden’s girlfriend (and, no, we’re not going to link to them either).

Hope, We Believed In It. Now, not so much

“Obama’s campaign promises and election gave me faith that he would lead us toward fixing the problems he outlined in his quest for votes. Many Americans felt similarly. Unfortunately, shortly after assuming power, he closed the door on investigating systemic violations of law, deepened and expanded several abusive programs, and refused to spend the political capital to end the kind of human rights violations like we see in Guantanamo, where men still sit without charge.”

NSA and Warrant-less Monitoring
“NSA likes to use “domestic” as a weasel word here for a number of reasons. The reality is that due to the FISA Amendments Act and its section 702 authorities, Americans’ communications are collected and viewed on a daily basis … “warrant” is more of a templated form they fill out and send to a reliable judge with a rubber stamp.”

No, He Really Isn’t A Spy

“Ask yourself: if I were a Chinese spy, why wouldn’t I have flown directly into Beijing? I could be living in a palace petting a phoenix by now.”

Article courtesy of TechCrunch

Jottacloud, a cloud storage service based in Norway, is promoting itself as a safe and secure haven, free of the NSA’s long reach that it has with services such as SkyDrive, Dropbox and iCloud.

According to a company blog post, the files stored on Jottacloud’s service are protected under Norwegian law, independent of the U.S. Patriot Act. Under U.S. law, companies like Microsoft, Google and Amazon are required to turn over users’ data. The law is also applicable to local subsidiary companies operated around the world. Jottacloud has its own data centers in Norway, and they say users are protected against U.S. legislation.

I love it how companies are starting to tout their NSA-free capabilities. But here’s the thing. That file has a long way to travel before it can be in the safe haven of a Norwegian data center. It may run through countries that don’t protect it from getting snooped.

But that a file is like some fleeing object has its own fascinations. The Internet is more treacherous than ever. It’s getting cast as a place with its own fairy-tale world of both sinister evils and places of light. It’s a juxtaposition that paints the United States and its people as the monsters — the evil snoops. In contrast, the people of Norway are telling the world that all is safe in the land of the Jottacloud — as long as your files can make it there.

Article courtesy of TechCrunch

When it comes to video distribution on the Internet, there are few solutions better than YouTube. The company is the No. 1 place to search for and find the video content that viewers want to watch, and for creators it provides a size and scale of audience it can offer videos to.

That said, a growing number of YouTube creators and multichannel networks are beginning to grumble about the revenue share that the site has with its partners and their inability to monetize their huge audience of viewers on the site. And, increasingly, they’re looking for off-YouTube solutions to better distribute and monetize their videos.

The problem is that distributing video yourself is costly, whereas distribution on YouTube is free. That’s one reason that so many creators got started on the platform in the first place. With the shrinking cost of cameras and editing equipment, as well as the ability to upload and distribute their content for free, YouTube had an incredibly low barrier of entry for its creators.

As a result, the platform attracted a huge number of talented creators who have, in turn, attracted millions of fans. For those who weren’t part of the traditional TV or movie ecosystem, that created an unprecedented opportunity to get paid to do what they love — make videos and talk to fans. For many first-time YouTube partners, the additional income was likely a nice bonus for a hobby that they never expected to get paid for.

But things have changed over the years. Those same creators now have big audiences and have become their own big brands. The problem is that they aren’t getting compensated very well for all that. At least not as well as they’d like.

As the YouTube ecosystem has grown up, it’s gotten a lot more professional. With more professional video equipment, more professional editing equipment, more highly skilled creators. Huge networks have popped up — like Machinima, Maker, and Fullscreen — to help creators improve their content and reach. Some provide tools to boost views and reach new audiences, some help with production, some help improve monetization.

But it’s become increasingly clear that these businesses will have to find other ways of making money — YouTube can’t be their only solution. That’s in part because YouTube takes nearly half of all ad revenues from partners. Not just that, but the typical YouTube ads have relatively low CPMs — all of which means that revenues aren’t as high as they would like and margins end up being constrained.

The problem is that there’s no other solution for easily reaching the size and scale of audience that YouTube offers. For all the talk of some networks creating a YouTube alternative, it will be difficult for them to move the audience over. Not just that, but they won’t benefit from all the network effects and video search advantages that they get from being on YouTube.

With that in mind, a growing number of YouTube partners are looking for other monetization options. Some are building apps for mobile phones, tablets, and connected TV devices. The idea is that they’ll be able to better these apps through ads, when compared to the revenue share that comes from YouTube’s website and mobile applications. They can also own the user experience and have a more engaged connection to their biggest fans.

That is, they’re not looking for a replacement for YouTube, but a way to augment their YouTube audience and monetization through other channels. Partners like VEVO, for instance, have been putting a lot of effort behind owned and operated apps for various devices. And more will likely follow.

It might be pricey to build out their own apps, but at the end of the day, these networks will benefit from additional distribution outlets. It’s not to become independent of YouTube, but to become less dependent on it.

Photo Credit: Rego – d4u.hu via Compfight cc

Article courtesy of TechCrunch

Editor’s note: James Altucher is an investor, programmer, author, and several-times entrepreneur. His latest book is “Choose Yourself!” came out this past June 3 (foreword by Dick Costolo, CEO of Twitter).

I know you do it. We all act like we don’t do it, like we’re all pristine human beings who WOULD NEVER do perverse things like that. But I know you do it. And you do it a lot.

You respond to trolls.

It starts like this: You post something intelligent on the “World Wide Web.” Triple-dub to those in the biz. You expect that the entire world is going to praise you for coming up with the one thing that’s never been said before in the history of mankind.

Then HE shows up. Someone who says something to provoke you. Most of the time you say “troll” to yourself, and you get back to living your larger-than-life existence. But every now and then, the troll takes the place of your father. Or your mother. Or your ex-spouse. Or your ex-something. Some button is pressed. Right there in the center of your head.

And you have to respond. Because…because…because…if you don’t respond then EVERYONE will think maybe this guy is right and you HAVE to set the record straight.

One weekend I had an article right here on TechCrunch. A little over a year ago. The article came out at 8 a.m. on a Saturday. Around 9 p.m. the next day, 37 hours later, my wife came up to me and said, “you know you’ve been glued to that message board all weekend. You NEED TO SHOWER NOW!”

I published a book last week. “Choose Yourself!”  It was No. 1 for all non-fiction for a couple of days, even beating out Sheryl Sandberg’s “Lean In.”

I was very happy. The book is about how we can choose ourselves for success instead of rely on the masters who would love to keep us on a leash. It’s about breaking the shackles so we could have financial freedom. It’s what every TechCrunch reader wants to do.

In the book, among other things, I threw out a challenge. I asked any Internet troll, someone who prides himself on driving people crazy, someone who spends 10 hours a day or more responding to message board comments, to please contact me and describe the mentality.

We all get advice on trolls all the time. I get 100 hate comments a week across various message boards. I’ve even gotten death threats.

But sometimes…sometimes….there’s just those buttons. It’s daddy or mommy and they know how to press them.

Then, in response to the challenge in my book, GVOK wrote me. 

You may know GVOK.

You may know him if you spend thousands of hours on http://www.startrek.com arguing about politics. Or, after he was banned from startrek.com, if you spent another several thousand hours on sistertrek.com. Or if you spend thousands of hours on YouTube arguing whether or not Jesus is real.

GVOK is no teenage, pimply idiot typing out screeds from his high school computer lab.

He wrote: “After graduating law school I worked for a law firm, bored out of my mind and miserable for eight years and was laid off in 2009. I had also bought a large, beautiful house that I am now renting out because I could no longer afford the mortgage.

“Your message that these types of middle jobs will eventually become temp jobs definitely speaks to me.  I never enjoyed working these kinds of jobs anyway. They’re boring, coworkers are gossipy and I always felt underutilized and looked down upon.  Your daily practice you mention inspires me and I can definitely see breaking out on my own.”

But every now and then, the troll takes the place of your father. Or your mother. Or your ex-spouse. Or your ex-something.

So GVOK, while he was at his former job as a high-priced lawyer, started spending hours every day on message boards. His only goal: to drive other people completely insane. All of the bold lettering below is mine. He wrote:

“I’ve had three experiences trolling. Two message boards on Star Trek and one comment section of a Youtube video on whether Jesus was real. Trolls rarely admit they are wrong and I’m no exception. I was converted from being an upstanding board member into a troll by a board bully named Admiralbill.

Now Admiralbill was a staunch Republican, a real ditto head, ex-navy guy from Texas.  He vehemently attacked anyone who remotely espoused a liberal viewpoint.  After it was determined that there were no WMDs in Iraq and the whole basis on the invasion was based upon a false premise I began to have my doubts about conservativism.  This brought me into the cross hairs of Admiralbill.  After a few times being attacked by him and observing him attack others I decided to attack back.  All this is to show that I thought my motives were pure.  

The following is a list of methods I employed:

1. I would post a news article that tended to put the Republican / Conservatives in a bad light. This was obviously intended to push Admiralbill’s buttons but I could always argue that I thought the article was interesting and might stimulate discussion.  It had the effect of putting him on the defense because he felt compelled to respond to it.

2. I would then keep him tired and on the defensive.  I did this by responding quickly and concisely.  When I did post commentary I would keep it short and only address one particular point.  I always found it funny when another poster would get so worked up over something and take the time to write a long drawn out post responding to every single point in the previous post.  I would just choose one point to refute or agree with.  This had the effect negating all the work the previous post made.  I conserved my energy with small posts that took me ten minutes to craft they exhausted themselves with long ones that took an hour.  The longer they take to respond, the more rest I have and the more agitation they feel to get a response out.

3. I usually asked questions in my responses.  This also put him on the defensive because he felt compelled to respond to a direct question.  Thus he never set the tone because he was always responding to the tone I set.  Questions (for some reason) also had the effect of pissing him off.  I naturally asked questions to begin with not thinking this was strategy but once I realized he didn’t like it I did it more.

4. I specifically stated at times that I did not want Admiralbill to respond in specific threads to avoid conflict.  Of course this had the intended opposite effect.

I spent quite a bit of time baiting Admiralbill.  I think it was more than five years before I was banned from the website.  By the time that happened I wanted to be banned.  I needed to end the endless cycle.  It drained my energy.  I was constantly thinking of new ways to piss Admiralbill off.  To this day part of me still hates how mean and self righteous he was.  James, I know you don’t vote but it’s enough motivation for me to vote Democrat knowing that in some small way it gets back at him.

There’s definitely an addictive cycle when it comes to trolling.  The exhilaration is the drug that for a moment takes away the pain I feel during the 90% of the rest of the cycle.

I can only speak for myself but I suspect most trolls (and people who engage in e-debates in general) probably share a common personality type.  They probably work jobs or live lives that are in someway unsatisfying.  They want to feel special and crave attention and respect.  They are highly dependent on the opinions of other people.

And this is really at the heart of the matter, a message board troll feels intense shame.  It is shame that motivates him to shame others.  Where this shame comes from is a whole other discussion but part of it definitely had to do with working a job I hated for so long.

As you mention in your book it is basically pointless to try to change another person’s mind but I suppose at some level I was also operating under the delusion that if I said the right thing he would admit he was wrong.”

I asked GVOK three questions in response:

1. Did you ever feel like it was a waste of time? Like, maybe you could’ve been finding a better job or relationship or whatever?
2. Did you ever get really really angry?
3. Would you get mad if someone didn’t respond to you?

His response.

“Oh wow.  You responding just made my day - sitting here auditing legal bills in the basement of my parents’ house on a rainy day.

 There is an interesting connection between trolling and working these boring corporate / cubicle jobs that became clear to me after reading your book. You feel intense shame, you are bored, you have access to the internet – of course you will end up trolling!”

And he ended his discourse with:

“Thanks”.

GVOK, you’re welcome.

Article courtesy of TechCrunch

Google X, the secretive lab behind projects like Google Glass and Google’s self-driving cars, announced its latest project today: balloon-powered Internet access for those areas of the earth where regular terrestrial Internet isn’t a good option. Earlier this week, Google started testing these balloons, which are meant to provide Internet access comparable to 3G networks while sailing the stratospheric winds, in New Zealand.

We had previously heard rumors about this, but just like most of Google X’s projects, this idea sounded like a long shot. Using free-flying balloons, after all, sounds like a recipe for disaster – or at least for run-away balloons.

Because the whole idea sounds a bit crazy, Google says, it’s calling this initiative “Project Loon.” Google, however, believes that it has found a way to let these balloons “sail freely on the winds” and steer them by moving them up or down to catch the right winds. This still means the team has to manage a fleet of these balloons – and the idea here is to one day have these fly these around the world. Google says it’s solving this problem “with some complex algorithms and lots of computing power.”

Currently, Google says it is using 30 balloons in this pilot project and about 50 testers in New Zealand are using the service on the ground.

Google, and its chairman Eric Schmidt in particular, have long been talking about the importance of getting those two-thirds of the earth’s population who don’t currently have Internet access online. Project Loon is meant to help solve this problem, Google notes. Not only could it bring Internet access to areas where today’s technologies don’t work well (jungles, archipelagos, mountains), but it seems Google also hopes that this balloon-powered network can help bring down the price of Internet access in many countries where it’s currently unaffordable for many people.

Article courtesy of TechCrunch

When we last left off with the Loog Guitar by Rafael Atijas it had blown past its funding goals on Kickstarter in early 2011 and shipped with much fanfare making it one of the first successful Kickstarter projects on our radar. In the interim it’s become a mini-phenomenon and, most important, people have started using the three-stringed instruments to record albums.

Case in point: Pip Blom is a 16-year-old singer-songwriter who wrote an an entire record using the Loog. You can listen to the whole thing on Bandcamp and she is selling the albums to pay for a trip to Teenage Kicks, a band camp in Vlieland in the Netherlands. In short, it’s a crowdfunded project that helped student complete another crowdfunded projects. To paraphrase an old lady: It’s crowdfunding all the way down.

The music itself is quite charming and well-recorded and Pip herself is ready to appear at the Glastonbury festival, if they’ll have her.

Short Stories by Pip Blom

This cool connection shows the power of crowdfunding. Rafael wanted to make a fun, inexpensive guitar for kids and he was able to depend on the kindness of the Internet to help him make it. In turn, Pip can use that same guitar to follow her dream just as any student with a Loog can learn a few chords and make some really nice music. When people talk about the value of crowdsourcing, this is what they mean: the little accidents that connect people to help push the state of the art forward. It’s not just a pre-order engine, it’s an engine of creativity.

Article courtesy of TechCrunch

Vitamin sales is big business: in the U.S. alone in 2012, it was worth $9.3 billion in sales, and the opportunity is only growing, as more consumers turn to preventative medicine and health strategies in the face of tightening budgets and less access to health care. Toronto startup Koge wants to revolutionize the process of vitamin sales, using the recently-popular subscription goods model, along with leveraging data analytics for personalization.

Koge thinks that there are inherent problems in the way vitamins are currently sold and distributed, with problems at the sales level (customer service reps recommend expensive, big-name brands over other cheaper options that are just as good), busy schedules prevent people from sticking to a supplement regimen, and there’s an overabundance of choice and not enough help to sift through all that information. Koge wants to address all those pain points, starting with the process of choosing what works for each individual and making ordering easy.

Users of its website select a specific track of vitamins they want to take, depending on their goals or identity. Right now, Koge is keeping that to a very simple formula, by offering a choice between four different categories: one for general energy, one for women, one for men and one for protein content specifically. The aim was to get some level of tailored product out the door quickly, but still keep things simple, but in the future Koge’s goal is to launch personalized vitamin selections tailored to each individual, something which Koge co-founder Alex Hyssen says the startup should be ready to launch sometime later this year.

Hyssen is another of the startup’s key differentiating factors, since he brings to Koge years of experience in the family business of supplements and vitamins. His family is behind the Herbal Magic chain of vitamin-powered weight loss clinics, and his ties to the vitamin industry mean that unlike others, Koge can access supply cost effectively and at smaller scales, so they don’t need to worry about competing with big volume orders. Koge is vertically integrated with North America’s largest vitamin manufacturer, Hyssen says, and that company is investing in its next round of funding, too.

Finally, Koge has just secured a relationship with Loblaws, Canada’s leading grocery store chain, to provide Koge products in-store. They’ll offer the same kind of tracked vitamin shopping experience, but from store shelves, as part of the pilot project. It’s big in terms of getting the brand out there and earning consumer trust, which is key for anyone trying to sell health and wellness products on the internet.

Koge still has big challenges: it needs to figure out the right way to make sure that customers actually follow through on sticking to a regimen of taking vitamins, and Hyssen says they’ve been testing things like text-based reminders, phone calls, virtually anything and are still looking for the right solution. But it’s off to a good start, and plans are quickly coming together for the imminent U.S. launch.

Article courtesy of TechCrunch

George Lucas and Steven Spielberg aren’t so bullish on the future of the film industry. At a talk at USC, the pair agreed that it’s on track to have a “massive implosion”. At the core of their argument: there just isn’t enough time in the day for consumers to support all the films released in theaters. Films are competing with all the content and options that the Internet provides.

Studios in Hollywood are the equivalent of venture capital firms of Silicon Valley. They live and die on the homeruns. Each movie could be thought of as a startup. It all starts with an idea and grows into a team that creates and releases some piece of content out into the world where it’s loved or hated. When loved, you get Christopher Nolan’s Batman, and when it’s hated, you get any Ben Affleck movie from 2000 – 2010.

The summer is filled with the biggest bets. The cost to produce and market a single film these days can balloon to over $300 million. The studios need a film to pull in nearly a billion in box office revenue, the same on DVD and have a good, multi-year sale to television for it to be considered a success. Sprinkle in some airplane viewing rights and that’s a win for them.

Lucas and Spielberg don’t think that’s a sustainable model. Soon, a couple of those megabudget films are going to nosedive, and everything will change.

They suggest the marketplace will contract because there isn’t enough time in the week for us to go to the movies anymore. With Netflix producing top quality content, and video games cutting into weekends, it leaves little room for date night out at the cineplex. It’s getting so bad that Lucas complains about how hard it is even for him to get a film in a theater. This should probably make producers of films nervous.

The duo says that the studios will be forced to reevaluate how to distribute films. Perhaps a film like Lincoln will cost less to see than, say Iron Man? Or perhaps, we don’t even get movies like Lincoln in theaters anymore. They will come straight to our homes. And actually going to the theater? It’s going to change to a model where a movie will cost $50+, but it’ll become a more high end experience with movies staying in the theater for a year or more. Or, just don’t make shitty films.

For over a decade, the films that can’t find an audience in the theater have found their niche on the internet where they can be marketed and sold on iTunes to those who will love them. Companies like Netflix and Hulu are able to focus on these niches and program specifically for them, for much cheaper than the $300 million it cost to release a summer film.

That translates to these Internet companies being able to take bigger risks on content, similar to HBO’s model. And technology winning.

Image via Francesco Dazzi

Article courtesy of TechCrunch

Today was the Extreme Startups Spring 2013 Demo Day in Toronto, and the cohort of five startups all delivered. The list this time included Brika, Instaradio, Koge, Polychart and Sciencescape. It was an incredibly diverse group, targeting verticals ranging from ecommerce to media to business intelligence, but it’s rare to see a group so focused and prepared on the day. That’s a credit to the Extreme Startups prep process, and to the general maturity of the companies involved.

Here’s a brief summary of all the companies involved:

BRIKA -This company is essentially a hybrid of Etsy and Fab, curating maker-created goods with a focus on tastemaking. The founders both have lots of experience in both retail and fashion, and came together because of a mutual love for unique goods and tailored fashion recommendations. The startup itself is based around the idea that what Etsy provides is a good start, but what the maker community really needs is a better way to tell the story of goods and their creators. The company uses a drop shipping model to make sure that it never has to carry on-hand inventory, reducing costs.

The company has been building its traction since joining Extreme Startups, and says that both members and total sales are up since joining. They’ve closed $500,000 of their $1 million round.

Instaradio – As the name suggests, to some extent Instaradio wants to become the Instagram of audio content. Heard that before? So have I. But this company’s focus on live broadcasts and instant sharing of otherwise closed off events sets it apart. A user, for instance a comedian can start broadcasting their set, and instead of just serving a small audience of around 50 people max, the startup says some of their early users have seen traction of upwards of 1,000 listeners for a single broadcast.

So far, the company has had its app live for only 10 days, with 4,000 downloads and 8,000 broadcasts from its users. Their ultimate goal is to build a PA network of as many devices as possible, leverages all the mics we have everywhere. Sounds like it might be right up Robert Scoble’s alley.

Koge – This is a vitamin ecommerce business that’s taking the monthly subscription approach to health supplements. It’s a business that has gotten a lot of traction already since joining Extreme Startups, with a new partnership bringing it into Loblaws, a leading Canadian grocery chain, which should help immensely with introducing the idea to new customers who are unsure of buying vitamins from the Internet.

Polychart – A business intelligent startup that wants to leverage visual charts and other easily interpretable forms of data delivery to let everyday users who aren’t necessarily data scientists take advantage of big data trends. It’s a startup that will face a lot of competition in this booming market, but it really does seem to have nailed the drag and drop mechanics of making a truly user-friendly solution, so long as it gets the data sources right.

Sciencescape – The Toronto-based Sciencescape is a startup that’s operating in the hot medical research space. ResearchGate just landed a $35 million investment from Bill Gates and others. And Mendeley was acquired for between $70 and $100 million in early April, bought by publisher Elsevier. But Sciencescape is doing something different from either of these, trying to curate and make sense of the various bits of academic research that are flooding knowledge networks these days. Journal publications have skyrocketed, the startup says, and there’s nothing good to deal with it yet, hence the market need.

All the companies involved had raised at least half of their initial seed funding, and each had a clear go-to-market strategy in place. The keynote address by SoftTech VC partner Charles Hudson was all about how Canada seemed like a tricky place to invest, but how strong companies and continued investment from a few early pioneers has helped the startup community explode, especially for SV-based VC firms. This crop of companies is a good example of why those investors are looking north, and why they will likely continue to do so.

Article courtesy of TechCrunch

You know those people who put tape over their laptop’s webcam to keep digital peeping toms at bay? They’re not crazy.

A new proof of concept is making the rounds today that demonstrates how a hacker can snap pics off your webcam, right through the browser, with no consent required.

Well, technically, you are giving consent. You just wouldn’t know it.

Outlined by security consultant Egor Homakov, the hack brings in a few old tricks to work around Flash’s requirement that a user explicitly grants a website permission before it can access their camera or microphone.

Without going into to much detail, the demo uses a bunch of fancy CSS/HTML trickery to render Flash’s permission prompt in a transparent layer, placing the now invisible “Allow” button directly above something the user is likely to click — like, say, the “Play” button on a video.

The basic technique, dubbed Clickjacking, is nothing new. I’d actually generally avoid writing about things like this, if it were new, to keep the word from spreading before the companies got a chance to fix it — but these techniques are already very well known in the hacking world. In fact, a post on Adobe’s security blog suggests that they fixed the bug (or a similar one) way back in 2011. “No user action or Flash Player product update are required,” it reads.

And yet… it still works. We tested the proof of concept on the latest build of Chrome for Mac, and it pulled from our webcam without issue or any visible prompt. Others have found the exploit to work on IE10, but it seems to be patched on the most recent releases of Safari and Firefox. When it works, the only evidence that the camera was ever accessed is a near instant and oh-so-easy-to-miss blink of the LED indicator.

You can test the proof of concept yourself here (Heads Up: If you consider girls in bikinis to be NSFW, that link is NSFW. Also, it’ll take a picture of you, though the author claims he’s not storing them — but clarifies that someone could, if they wanted).

If your browser doesn’t visibly render the permission box and clicking the play button snaps a picture of you, your browser fails the test. If it shows the permission box or blocks the click, you’re safe (from this specific exploit, at least).

So, why is this a big deal? Imagine you’re perusing some of the Internet’s more, erm, intimate websites. You’ve fallen down the rabbit hole, finding yourself 3 or 4 sites away from the trusted one you started at. You click “Play” on something that suits your particular fancy and.. surprise! The LED on your webcam flicks on, and two seconds later you’re looking at a freshly snapped picture of yourself on screen, hands …wherever they might be.

Fortunately, getting a solid layer of protection against such exploits moving forward is pretty straightforward. For one, you can tape up that webcam — it’s a bit tinfoil hat, sure, but it’s better than having a photo of your bad bits blasted out to the Internet on some shady-ass Tumblr. Second, consider using Firefox* with something like NoScript, disabling it only for trusted sites.

Oh, and yeah, insert the obligatory NSA/PRISM joke here.

[*NoScript-esque extensions exist for Chrome, but I've yet to find one that is as dependable or user-friendly]

Creepy eye picture above is courtesy of Robert Montalvo, used under Creative Commons

Article courtesy of TechCrunch