Tag Archive | "security"

Routing Around Apple’s Restrictions, AppCertain & Others Bring Enterprise-Level Control To Consumers In The Interest Of Child Safety


In the interest of protecting children, AppCertain has debuted a new iOS monitoring application aimed at parents. The app, whose goal is to alert parents about the nature of the applications their kids are downloading, involves the use of a “configuration profile” – special software Apple originally intended for enterprise use, not consumer-facing apps sold through its App Store marketplace.

But Apple reviewed the application – for longer than most, founder and CEO Spencer Whitman tells us – and subsequently approved it. For how long that will remain the case, however, is unknown.

“We think we are on a gray line with respect to Apple, but we don’t really know,” Whitman admits.

Configuration profiles, for those unfamiliar, were designed for the enterprise environment, allowing I.T. departments to manage the iPhones and iPads used by a company’s employees. They’re typically employed by Mobile Device Management solutions which use the software to configure, track and/or restrict a number of system-level settings like Wi-Fi, VPNs, app settings, permissions, and more.

But more recently, a handful of startups have started using these same profiles to work around Apple’s App Store’s restrictions in order to accomplish tasks which wouldn’t otherwise be possible. Apple is aware this is happening, and seems to be handling each app submission on a one-off basis for now.

We’ve seen mobile data compression utilities like Onavo and Snappli take advantage of the technology to intercept, re-route, and compress web data in order to save users’ bandwidth, for instance. Social search engine Wajam also uses a configuration profile to inject its own search results into Safari, though this is done outside of the Apple App Store.

Onavo is still live on the Apple App Store today, though Snappli has since disappeared. (We reached out to the company for details, but have yet to hear back. It’s possible that Apple simply didn’t care for the fact that Snappli had publicly shared data showing how iOS users were dumping the then newly-launched Apple Maps application.)

But frankly, it seems odd that Apple would knowingly ever let these types of applications into its consumer-facing app store in the first place, given the security risks they could pose. If used unscrupulously, a malicious configuration profile could remote control a user’s device, manipulate user activity, and hijack their sessions, or so explained security researchers at Skycure back in March.

AppCertain isn’t a malicious developer, though, and its intentions are not to control or restrict how an Apple device is used, which would then be stepping on top of Apple’s own, built-in Parental Control features. Instead, it only monitors app downloads and reports back to parents via email that an app was downloaded, explaining what the app does, as well as what sorts of permissions it requests, and more.

The idea is to alert parents about the apps their child uses, including whether or not they have educational value. It doesn’t prevent the child from actually downloading or installing apps.

The service, staffed by a number of Carnegie Mellon University alumni, first launched to the web in February after being incubated by seed and studio fund Birchmere Labs.

Whitman explained at the time that the company wanted to help busy parents, who often have a hard time keeping up with what their children are installing and using. It’s not only a problem that affects tech novices, he had said. Even savvy parents often forget or get too busy to keep a close eye on their children’s devices. And these devices, little mini-computers that they are, are not without risks.

Parental Controls Outside Of Apple’s Control

While AppCertain is trying to go the official, Apple-approved route with its creation, another company, a small German app consultancy called Mocava, is not. Its new Parental Control application is an over-the-air install only, knowing that Apple would never approve it for App Store download.

Mocava owner Vinh Phuc Dinh says that he created the app to address a situation he found himself in all the time. “I have many nephews, and would pass on my device for them to play,” he tells us. “Unfortunately, there is no easy way to restrict access on the iPhone and save the desired preferences. So we built it ourselves.”

What he means is that though Apple offers parental control features, it’s not the right solution for those who only need controls on occasion. With his Parental Control App, you can quickly turn on restrictions without having to reconfigure them from scratch each time you hand your phone or iPad to a child. Even if Apple’s restrictions are turned off, the tool will remember your settings.

You can restrict certain default apps from being accessed or certain content from being viewed. You can disable in-app purchases, or specify that an App Store password is always required, and more. To get started, you configure your settings on the web, then download the profile the company provides.

The mere fact that this app and AppCertain even exist speaks to one of the problems with Apple’s strict control over its OS. Unlike on Android where apps like KIDO’Z, Kytephone, Play Safe, Kid Mode and others allow parents more granular control and insight, Apple’s settings are cumbersome. If you turn on age restrictions, for example, the child can’t watch Netflix. You can disable the web browser, but not whitelist websites, and so on.

These devices are computers, and while parents may disagree on what level of involvement on their part is necessary, it’s fair to say that as with “real” computers, children – especially young children – shouldn’t be given free rein with no parental oversight. Too many parents think of iPads as toys, blindly typing in their password every time their kid begs for a new app. They, perhaps, put too much trust in Apple’s “family friendly” policies – just because apps are rated and ranked, pornography or gore-free, that doesn’t make everything appropriate for every child.

It will be interesting to see how far Apple allows these companies to push into this new territory, before it decides to crack down or otherwise change its policies.

AppCertain is available for download here on iPhone and iPad.

Article courtesy of TechCrunch

How Not To Look Stupid On Twitter


When the AP Twitter stream was hacked a few weeks ago leading to a massive drop in the equities market, I went off. I found the fact that the AP – a news organization staffed by intelligent people and with a long history of adapting to new media – could be hacked through a phishing attack unconscionable. It would be like Bank of America being hacked by a group of script kiddies.

Sadly, this happens over and over. Why? Thankfully the folks at the Onion had the foresight to explain what exactly happened when the “Syrian Electronic Army” “hacked” their Twitter stream.

If you run your company’s social media account, read it. The takeaways are here:

  • Make sure that your users are educated, and that they are suspicious of all links that ask them to log in, regardless of the sender.
  • The email addresses for your twitter accounts should be on a system that is isolated from your organization’s normal email. This will make your Twitter accounts virtually invulnerable to phishing (providing that you’re using unique, strong passwords for every account).
  • All twitter activity should go through an app of some kind, such as HootSuite. Restricting password-based access to your accounts prevents a hacker from taking total ownership, which takes much longer to rectify.

If possible, have a way to reach out to all of your users outside of their organizational email. In the case of the Guardian hack, the SEA posted screenshots of multiple internal security emails, probably from a compromised email address that was overlooked.

I think the third suggestion is the most important – always change your Twitter password on a regular basis and, more important, never ever ever ever click on a link that suggests you should change your Twitter password via the browser. If you must change your Twitter password, either do it through Twitter.com directly or, barring that, email Twitter. If you’re the AP or the ACLU or the Boston Pony And Terrier Lovers Of America Club, I’m sure they’ll help out.

Twitter itself needs to offer dual factor authentication or, at the very least, send you a text when someone changes your password. This is imperative. Twitter is now a medium for corporate communications and for it to have the security of a web forum is unconscionable. The person in charge of your Twitter feed should also have a completely separate email address, outside of your domain, and that person should have a process in place to check the URL of the password change page and then only change the password if everything is kosher. At the risk of raising script kiddie, I would say that most “hackers” depend more on the stupidity of their marks and less on their technical skill.

Don’t be stupid.

Article courtesy of TechCrunch

America Needs A Pro-Growth Immigration System


Editor’s note: Marco Rubio is a United States Senator from Florida. Follow him on Twitter @marcorubio.

Today, the U.S. Senate Committee on Commerce, Science & Transportation will examine the role of immigrants in America’s innovation economy. More specifically, the committee will look at how our broken immigration system is holding back American innovation and job creation, and how the immigration reform proposal before the Senate can promote a thriving U.S. technology sector that benefits American workers.

While there are a number of broken aspects of our immigration system today – including porous borders, weak workplace enforcement and an inadequate system to track foreign visitors who overstay their visas – one that also stands out is the way we handle academic talent and highly skilled workers.

Every year, our colleges and universities graduate thousands of foreign students who have been educated in our world-class university system. But instead of putting that talent to work in the American economy, we send them home to places like China and India to compete against us. In other words, in many cases, other nations end up benefitting more from our education system than the United States does.

The Senate immigration reform bill would end this debacle. After educating the world’s brightest and most innovative minds, we will no longer send them home; we will instead staple green cards to their diplomas.

We will also expand the highly skilled H1-B visa program from the current 65,000 to a program with a new floor of 110,000, a ceiling of 180,000, and an additional 25,000 exemptions for persons who graduate from a U.S. university with an advanced degree in science, technology, engineering or math. In order to accomplish these necessary moves to a more merit-based immigration system, we eliminate certain categories of family preferences that have allowed for chain migration and completely eliminate the diversity visa lottery, among other reforms.

These measures, which we hope to improve on as the bill moves through the legislative process, are at the heart of our efforts to modernize our legal immigration system to help meet the needs of our 21st century economy, make it more merit and skill-based than ever, and allow our economy to remain a dynamic global leader. They are also the kinds of reforms that will make immigration reform a net benefit for our economy and our federal budget – the way immigration has always been a net benefit for America.

For example, studies show that 40 percent of American Fortune 500 firms were started by immigrants, as are roughly half of the most successful startups in Silicon Valley. This doesn’t just lead to corner-office, executive-level jobs; these generate jobs across the income spectrum that help Americans rise to the middle class and beyond.

With the reforms being offered, the benefits to our economy and our people will come from the infusion of entrepreneurs, innovators, investors, skilled workers and others driven by the desire to build a better life for themselves and their children. And when our economy needs foreign workers to fill labor shortages, our modernized system will ensure that the future flow of workers is manageable, traceable, fair to American workers, and in line with our economy’s needs.

Let there be no doubt that immigration will always be a powerful source of American strength. While some worry that the immigrants that will most benefit from the Senate’s legislation are mostly poor, with limited education and destined to be government dependents, history has proven something else. It has demonstrated the power of the American free enterprise system to lift people from the circumstances of their birth and into more prosperous and stable lives for themselves and their children. Over two centuries of life in America have demonstrated this to be true.

Of course, there are legitimate questions some have raised about why this is now the Senate’s priority. During the time I’ve been working on immigration reform legislation, I’ve been asked why we are dealing with this issue at this time, with some questioning the need of dealing with it at all with so many other pressing concerns like our growing debt, millions of unemployed or underemployed Americans, and the persistent threat of terrorism that recently manifested itself on our soil.

It’s absolutely true that these are the defining issues of our time that, frankly, should have been addressed a long time ago.

But the reality of immigration in America today is that, even if we didn’t have some 11 million illegal immigrants in the U.S. today, we would still have to fix our broken legal immigration system.

The immigration system we have today is a disaster. It’s de facto amnesty that threatens our security and our sovereignty. But even worse, it’s a job killer.

The immigration proposal being considered by the Senate is not perfect. And I believe we can improve it with the ideas of people like Orrin Hatch who care deeply about fixing the immigration system to work better for American workers.

As the immigration debate continues, it is important that we use today’s hearing and every other avenue we have to fix the broken immigration system we have. In doing so, we can move towards a strong, effective system that will secure the border, encourage job creation for Americans, and ensure America remains a dynamic global economic leader.

[Image: Office of Sen. Marco Rubio]

Article courtesy of TechCrunch

SpiderOak Unveils Hive, Streamlines Zero-Knowledge Privacy Storage


An old saying states that “security is inversely proportional to convenience.” This explains the slow adoption of many important security technologies. HTTPS, the secure version of the HTTP protocol used to browse the world wide web, has been around for more than two decades, but it’s only been in the last couple of years that it has been enabled by default on many major websites.

Back when we sucked down email from our ISPs over POP3 connections, all your data was, literally, yours: it was under your control more often than it wasn’t. If someone wanted access to your data, they had to access (or attack) your computer. As more and more of today’s data lives “in the cloud”, security becomes more and more important. If someone wants to access your data, you might never know about it as the attacks (or subpoenas) would be executed against the various cloud services you use.

Unlike Dropbox and similar services, which make it clear that they can access your data if they need to do so, SpiderOak employees can’t even see the names of the files you upload. And yet, SpiderOak hasn’t enjoyed quite the same level of success as Dropbox, in part because the security implementation makes it a little harder to use.

SpiderOak has made some great strides in making a friendlier product for casual users. They’ve revamped the sign-up process to make it easier and less intimidating, without compromising security. And they’ve just unleashed their new Hive addition, which makes multi-device synchronization easier than ever.

Historically, SpiderOak required users to explicitly share specific folders with specific devices. That’s a great feature, allowing you to ensure that your personal stuff doesn’t ever get synchronized to a work laptop, for example. But not everyone wants to explicitly decide which data can reside on which devices. Hive, available now, provides a pre-configured folder that is automatically synchronized with all devices linked to your account. This brings more Dropbox-like functionality to SpiderOak users, allowing them to enjoy secure cloud-based storage without manually configuring every device.

As Dropbox’s success has made abundantly clear, though, file storage and synchronization is so last year. The new hotness is service integration and automation. Things like IFTTT and all the other automation built atop it are making Dropbox the filesystem of the Internet. SpiderOak wants to be the private filesystem of the Internet. In order to support a rich ecosystem of third-party applications while still enforcing a commitment to zero-knowledge privacy, SpiderOak is working on Crypton, “a framework for building cryptographically secure cloud applications.”

SpiderOak has a couple of other tricks up their sleeve, too. While Dropbox and its ilk are strictly hosted solutions, SpiderOak has worked with a number of different corporate clients to deploy zero-knowledge privacy behind those companies’ firewalls. For various government and military agencies, this kind of on-premise secure storage is a requirement that Dropbox can’t easily provide.

Finally, SpiderOak has a few PSAs about the distinction between security and privacy available at zeroknowledgeprivacy.org. “Why Privacy Matters” and “The Fine Print of Privacy” are easy to read primers on some of the issues surrounding privacy online today. Even if you’re happy with Dropbox — or any of the cloud services that are quickly becoming indispensable — it’s worth spending a few minutes to read these primers.

Article courtesy of TechCrunch

‘Trusted Contacts’ lets users turn to friends for help logging into Facebook

Facebook today announced “Trusted Contacts,” an update to its “Trusted Friends” security feature that sends access codes to a few of a user’s close friends in order to help the person regain access to their account when needed.

Users will now be able to designate their Trusted Contacts in advance and change them if necessary through the Security Settings dashboard. Previously, users only encountered this feature when they were having trouble with their account. This meant that many users were unfamiliar with it. By making Trusted Contacts part of a user’s main settings, more people might understand what it is before they have a problem — or before they are called upon as a Trusted Contact themselves. This will help users be able to use the feature more effectively.

Facebook says it has also improved the flow for people who are their friend’s Trusted Contacts, giving them more information throughout the process of helping someone get back into the account. They’ll also be notified when they are selected, another way to help people understand the feature in advance. Some users are often wary of unfamiliar Facebook features, suspecting they might be part of a scam. We’ve heard from users who didn’t initially trust Facebook’s Offers or Gifts products because they thought they were third-party spam. Something like Trusted Friends with access codes to let another user log into their account might have seemed too suspicious to some. The changes today could help avoid that.


Starting today, users can set up their Trusted Contacts by visiting their Security Settings and choosing three to five friends to help them when they need it. Facebook recommends choosing friends that a user would be comfortable giving a spare key to their house. It’s also important to choose people that can be reached outside of Facebook messages, since a locked out user won’t be able to contact them this way.

When a user is unable to log into their account and can’t use the email password recovery system, they can then have an access code sent to these Trusted Contacts, who then share the code with them in person, on the phone or another trusted means of communication. Facebook warns against using email, chat or text, which can be easier for someone trying to impersonate a user and take over their account. When the user gets the access codes from three different friends, they can then put these into Facebook and recover their account.

Facebook says it offers this instead of giving users long forms to fill out or asking security questions like “What street did you grow up on?” which users often forget or which could be easily known by someone besides the user.

Article courtesy of Inside Facebook

AWS Shows How Much It Wants The Enterprise Customer With New Certification Program


Amazon Web Services (AWS) has launched a certification program to designate people who have the technical skills for building secure and reliable apps using AWS technology.

The new Amazon Web Services Global Certification Program is built around the three primary roles for engineering teams delivering cloud-based solutions: Solutions Architect, SysOps Administrator and Developer.

Before getting certified, people must pass an exam, which is administered through Kryterion testing centers in more than 100 countries and 750 testing locations.

The first certification to be offered is the “AWS Certified Solutions Architect – Associate Level.” The certificate is designed for solutions architects involved in the design and development of applications on AWS. Later this year AWS will offer certifications for Systems Operations (SysOps) administrators and developers.

AWS is slowly and consistently taking steps to build more enterprise business. The certification program exemplifies the need for expertise in using AWS. Enterprise customers often will demand support of this kind. The program helps build a network of people who meet AWS standards.

AWS also launched a security blog today, which is again a step to show enterprise customers that it cares about the issues that matter most to them. It launched the blog with a timeline of the security and compliance releases it has added over the past several years.

Article courtesy of TechCrunch

Facebook hires: corporate communications, consumer content, global marketing, more

Facebook removed 28 job listings from its careers page this week, likely after making hires in the areas of marketing, communications, account management and others.

  • Manager, Data Warehouse Operations (Menlo Park)
  • Safety and Security Engineer (New York)
  • Latin America Business Operations Consultant (São Paulo)
  • Tax Controversy (Menlo Park)
  • Consumer Content Manager (New York)
  • Manager, Corporate Communications (Toronto)
  • Manager, Global Law Enforcement Response Team (Menlo Park)
  • Interview Scheduler – Contract (Menlo Park)
  • Recruiter (London)
  • Sourcer, Diversity (Menlo Park)
  • UEX/CS Recruiter – Contract (Menlo Park)
  • Communication Designer- University (Menlo Park)
  • Creative Producer (Menlo Park)
  • Technical Program Manager, Data Center (Menlo Park)
  • Marketing Manager, Global Vertical Marketing (Menlo Park)
  • Regional Product Marketing Partner (Singapore)
  • Product Marketing Manager (Menlo Park)
  • Manager, Data Warehouse Operations (Menlo Park)
  • Account Manager, Finance (New York)
  • Account Manager, Finance (Chicago)
  • Growth Manager (LATAM) (Mexico City)
  • Team Lead, Media Solutions, Italian (Dublin)
  • Strategic Partner Development – Athletes (Los Angeles – Menlo Park)
  • Agency Partner, Turkey (London)
  • Client Partner, South Africa (Dublin)
  • Client Partner, Sub Saharan Africa (Dubai)
  • Team Assistant (Part-Time) (Dubai)
  • Team Assistant (half time – contract) (Warsaw)

Who else is hiring? The Inside Network Job Board presents a survey of current openings at leading companies in the industry.

Article courtesy of Inside Facebook

Twitter Is Testing Two-Factor Authentication Internally, And It Can’t Come Soon Enough


In what was a mind-boggling series of events in real-time, one Associated Press hack and a false tweet about the White House sent the stock market into a momentary free-fall. Twitter hopes to stop intrusions like that in the future by introducing a two-factor authentication process, Wired has learned. When this offering will be available to users is unknown.

The company has been working on this at least since we talked to them in November, and that became more apparent when it was seeking to hire engineers with specific experience with login security. Why has it taken so long? That’s a question that only Twitter can answer.

Google rolled out its two-factor authentication offering in 2011, but Microsoft only just introduced their own last week. Making additional authentication steps mandatory for all users is a non-starter, since any friction standing between a social service and engagement would be a nightmare.

Having said that, this type of authentication is something that every verified account on Twitter should have had long ago. When Twitter verifies an account, it’s saying that they’ve gone through some type of procedure to approve that the person or entity is who they say they are. Keeping that integrity safe is essential to the entire concept.

In Twitter’s defense, a two-factor authentication for accounts that might be used by multiple parties in multiple locations, such as in the AP’s case, could be a hard problem to solve. In Google’s two-step process, as well as Facebook’s, you’re sent a text message with a code to enter when logging into your account from an un-authenticated device.

How something like that will work for an account managed by multiple people is a head-scratcher.

Until two-factor authentication rolls out, it’s smart to be vigilant when it comes to clicking on unknown links, and it’s always a good idea to change your password from time to time. Word of advice, though, don’t make your password something like “APm@rketing.” That could get hacked at any time, no matter who you are, but especially if you’re the Associated Press.

[Photo credit: Flickr]

Article courtesy of TechCrunch

AP Twitter Hack Preceded By A Phishing Attempt, News Org Says


The AP Twitter hack which sent the stock market briefly crashing was caused by a phishing attack, according to the AP. The news organization now says the attack on Twitter was “preceded by a phishing attempt on AP’s corporate network.”

The Twitter attack, which has now become another high-profile example of why Twitter may serve as a breaking news outlet, but not a trustworthy one, came less than an hour after AP staff received “an impressively disguised phishing email” – at least, according to AP reporter Mike Baker, who shared this detail on Twitter. His account does not appear to be hacked, though we’ve asked both Baker and AP to confirm that fact, as well as the context of his tweets. (More to come. Update: Although the AP confirmed the Twitter hack was preceded by a phishing attempt, an AP spokesperson declined to confirm Baker’s time frame of “less than an hour,” saying the AP had nothing further to add at this time.)

While the tweet referencing an attack on the White House drew the most attention, it was not the only AP account to have been compromised today.

More hacked tweets from a different AP account (@AP_Mobile) reference Syria, for example:

The politicized nature of these tweets may give authorities investigating the hack a lead. The Syrian Electronic Army took credit for the attack, it seems. (See second screenshot, above). That Twitter account points to a website syrianelectornicarmy.com, which details its cyber attacks, notes the New York Times.

As a precaution, tweeting has been suspended from @AP_Politics and @AP_Courtside, the news organization says. Until AP can vouch for the security of its systems, it’s asking readers and followers to not respond to any news these accounts may post.

The high-profile nature of the posts the AP account made today has brought attention to what would have otherwise been a run-of-the-mill “Twitter account compromised” kind of story, which, as Twitter gains in popularity, are now increasingly common. (Burger King and McDonald’s being recent examples of that.) However, as the resulting impact to financial markets showed, a need for news organizations to strengthen their own internal security measures may be called for.

Twitter, too, also still needs to think about offering additional protection to users – like two-factor authentication, which Google, Microsoft, Apple, Facebook and other tech companies already support. The company has previously said it was “exploring” this possibility.

For starters, like many other businesses today, they may need to educate reporters and other staffers on the dangers of opening and clicking on links contained in phishing emails.

In March, for example, the BBC’s Twitter also came under attack from hackers who appeared to be sympathizers of Syrian President Bashar Assad. The hackers took control of several BBC accounts to post political and anti-Semitic messages.

These attacks mirrored today’s in terms of how the hackers initially gained access to Twitter accounts, it’s worth noting – the BBC said that phishing emails were being sent around their organization prior to the accounts becoming compromised. Details of those emails, ironically, were reported on by the AP who had obtained a copy of the internal missives.

No official word yet on whether or how these two incidents may be related, though the BBC Twitter account also referenced the involvement of the “Syrian Electronic Army” in its hacked tweets.

Julie Pace, the chief White House correspondent for the AP, announced at a White House briefing that the account had been hacked, as did the New York Times, which also reported that the president is safe and unharmed.

Today’s AP posts looked suspicious because the AP Twitter account normally posts messages using a social media tool known as Social Flow, and the erroneous tweets were sent from the web.

Also, as many on Twitter have now quipped: these hacks were obvious because they broke AP Style.

I love all the comments about the @ap hack being obvious because it broke AP Style. Copyeditors: 1 Hackers: 0

— Cyndi Waite (@DCCyndi) April 23, 2013

Update: Details regarding the phishing emails have now emerged. News watchdog site Romenesko has acquired the phishing email itself, as well as a subsequent warning from the AP’s Information Security department to its staffers. Via Romenesko, here are the emails:

From: Associated Press Technology
Tue 4/23/2013 12:29 PM

All Staff –

Some users are receiving emails that appear to have a link to a Reuters or Washington Post news story. This email is a phishing attempt that takes users to a bogus site requesting you to log on. Users are advised not to click on the link and not to enter their logon credentials. If you have already clicked on the link, or entered your logon credentials, please contact the help desk immediately.

Mark House
Information Security
The Associated Press
mhouse@ap.org
Office: 609.860.7233

This is the phishing email:

Sent: Tue 4/23/2013 12:12 PM
From: [An AP staffer]
Subject: News

Hello,

Please read the following article, it’s very important :

http://www.washingtonpost.com/blogs/worldviews/wp/2013/04/23/

[A different AP staffer]
Associated Press
San Diego
mobile [removed]

Disconnect 2 Brings More Privacy To Your Browser, Lets You Block 2K+ Sites From Tracking Your Activity Online


With the Era of Over-sharing and the Social Fire Hose upon us, the heft and value of privacy is changing — and, for better or worse, many argue that it’s diminishing. Perturbed by the access many companies (inconspicuously) have to our browsing history, former Googler Brian Kennish developed a Chrome Extension to address the browser privacy issue. Facebook Connect, as it was called then, disabled traffic from third-party sites to Facebook, while still allowing Average Internet Surfers like you and me to access Facebook.

Thanks to the near-immediate success of the extension, Kennish left Google to focus on the project full-time, and soon launched Disconnect — to apply the same concept to other popular platforms like Google, Yahoo, Digg and Twitter. Disconnect quickly turned into a full-blown company, and Kennish recruited the help of another former Google engineer, Austin Chau, along with consumer rights advocate, Casey Oppenheim.

The driving principle behind Disconnect, Kennish told us at the time, was to ensure that personal data remains under our own control and not that of corporations and to allow users “to control who does what with their data online.” With cybersecurity becoming a hot topic, CISPA, the reintroduction of the Do Not Track Online Act, and the seemingly ever-present outrage over Facebook (and others) using our online data to target ads (even offline), the concern over privacy and security has only increased since Disconnect’s launch.

So, this week, the startup released version 2.0 of its Chrome extension, significantly expanding its coverage of the sites we use most frequently (and its speed), in an effort to keep up with the increasing complexity and pervasiveness of the variety of stuff that can potentially infringe on our online privacy.

Again, ask the founders and they’ll tell you that the Web today is littered with analytics, advertising, social widgets and the like that gum up the gears that make page load speeds hum, while quietly redirecting your personal browsing data to tracking companies. They believe that this stuff, in turn, increases your exposure to malware and other nefarious, Web-borne attacks. And they’re not alone.

Disconnect 2 updates the privacy extension so that it now allows users to visualize and block over 2,000 third-party sites that track what they do on the Web, which they claim is twice the number of tracking sites covered by other, similar apps. The founders have also optimized Disconnect for speed and, based on benchmarks of the 1,000 most popular sites, pages use “an average of 17 percent less bandwidth and load 27 percent faster” with the app, they tell us.

This has increasing application today with the proliferation of digital advertising strategies like re-targeting, which companies like Facebook continue to refine to allow them to serve more relevant, personalized ads based not only on what you do on Facebook, but your activity outside of it. Besides the creepiness factor, the tools these companies use to track our behavior slow down our experience of these sites. Plus, advertisers are naturally inclined to resist standards that would limit their ability to tap into our data.

So, unfortunately, even though most browsers allow you to flip some kind of switch to go “Incognito” or limit tracking, most people fail to recognize that this isn’t a failsafe and advertisers don’t have to oblige them.

Disconnect 2 attempts to limit advertisers’ ability to use tools like re-targeting and put a stopper on the flow of your data into their databases. So, the new version not only allows users to block potential sources of malware, but also to encrypt the data they do exchange with third-party sites so companies can’t steal their data or hack their accounts over public WiFi.

This kind of functionality puts Disconnect (broadly) in competition with site optimizers like Cloudflare and Torbit, among many others, along with a host of security apps and services, particularly with personal data protection tools like Ghostery.

Disconnect 2 offers a toolbar button to let users view the number of tracking requests they receive on each page and choose which ones they want to block, along with a browser dropdown that shows you tracking requests by company, with green meaning they’re blocked and gray meaning they’re unblocked. As it always has, Disconnect still allows you to block popular sites like Facebook, Google and Twitter, but now allows you to view other sites by category (like “Social,” “Advertising,” etc.) and pick and choose what you block via check marks.

But, unlike many other services, Disconnect is taking a pay-what-you-want approach to its new service. Users can choose from four standard pricing options, or enter how much they want to pay for the service. They can also choose, via sliding scale, how much of that payment they want to go to Disconnect and how much they want to go to charity.

At this point, Disconnect supports four different charities, like ProPublica, The Center for Democracy & Technology and The Electronic Frontier Foundation, for example, with plans to support more going forward. Users can pay by credit card or test the service out for themselves before paying. All in all, this a la carte, flexible pricing model gives the startup a better chance at monetizing without detracting from the user experience, making it, I’d argue, that much more appealing for those who might be on the fence about using it in the first place.

Disconnect 2 is currently available as a browser extension for Chrome and Firefox, while the company’s other apps (like Facebook Disconnect) are available for Chrome, Firefox and Safari.

For more, find the startup at home here.

Article courtesy of TechCrunch
