Archive for November, 2025

Cloudflare Goes Down And Takes A Lot Of The Internet With It

Posted in Commentary with tags on November 18, 2025 by itnerd

If you were trying to get to Twitter, ChatGPT, Salesforce, or any number of other sites and you were having issues, it wasn’t you. Cloudflare, a content delivery network that also provides network and security products to companies, took a dive. If you have a look at their status page, they acknowledge that they had an issue, but it is in the process of being resolved. But as I type this, there are still scattered reports of issues. Chances are, these issues will likely go away as the day goes on.

The folks at Cisco ThousandEyes have an outage map. I also got this statement from them regarding what they observed:

On November 18, 2025, at approximately 11:30 UTC, Cisco ThousandEyes began observing a global outage affecting cloud and CDN provider Cloudflare, impacting multiple Internet services including X, OpenAI, and Anthropic. While network paths to Cloudflare’s front-end infrastructure appeared clear of any elevated latency or packet loss, Cisco ThousandEyes observed a number of timeouts and HTTP 5XX server errors, which is indicative of a backend services issue. While Cloudflare has confirmed they are implementing remediation, the outage is still ongoing. Sample service impacted by the outage: https://cs.co/604475xqg

Thus for those who were hoping for a digital snow day, sorry.
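The ThousandEyes statement above draws a distinction worth encoding in monitoring: if paths to the front end show no elevated latency or packet loss but probes still see timeouts and HTTP 5XX responses, the fault is behind the edge, not in the network. The script below is an added example, not ThousandEyes’ or Cloudflare’s code; it runs that triage rule over a constructed set of probe records (the targets, vantage points and thresholds are all assumptions) and labels each target as healthy, a network-path problem, or a backend problem.

```python
"""Classify synthetic outage observations as network-path vs backend faults.

Added example; the probe records below are constructed, not real telemetry,
and the thresholds are assumptions chosen for illustration.
"""
import json
import statistics
from collections import defaultdict

# Constructed probe records (JSON lines), one per target and vantage point.
# loss_pct/rtt_ms describe the network path; http_status is null on a timeout.
PROBES = """
{"target": "edge.example.test", "vantage": "ams", "loss_pct": 0.0, "rtt_ms": 12, "http_status": 500}
{"target": "edge.example.test", "vantage": "sfo", "loss_pct": 0.0, "rtt_ms": 18, "http_status": 502}
{"target": "edge.example.test", "vantage": "syd", "loss_pct": 0.0, "rtt_ms": 22, "http_status": null}
{"target": "edge.example.test", "vantage": "nrt", "loss_pct": 0.0, "rtt_ms": 15, "http_status": 200}
{"target": "lossy.example.test", "vantage": "ams", "loss_pct": 40.0, "rtt_ms": 310, "http_status": null}
{"target": "lossy.example.test", "vantage": "sfo", "loss_pct": 35.0, "rtt_ms": 280, "http_status": null}
{"target": "ok.example.test", "vantage": "ams", "loss_pct": 0.0, "rtt_ms": 11, "http_status": 200}
{"target": "ok.example.test", "vantage": "sfo", "loss_pct": 0.0, "rtt_ms": 14, "http_status": 200}
"""

LOSS_THRESHOLD_PCT = 5.0   # assumed: above this, packet loss counts as elevated
RTT_THRESHOLD_MS = 150.0   # assumed: median RTT above this counts as elevated
FAILURE_RATIO = 0.5        # assumed: at least half the probes failing is an outage


def parse_probes(text):
    """Parse JSON-lines probe records, skipping blank lines."""
    return [json.loads(line) for line in text.strip().splitlines() if line.strip()]


def summarize(probes):
    """Aggregate per target: median RTT, worst loss, share of HTTP failures."""
    by_target = defaultdict(list)
    for p in probes:
        by_target[p["target"]].append(p)
    summary = {}
    for target, rows in by_target.items():
        # A timeout (null status) or any 5XX response counts as a failed request.
        failures = sum(1 for r in rows if r["http_status"] is None or r["http_status"] >= 500)
        summary[target] = {
            "median_rtt_ms": statistics.median(r["rtt_ms"] for r in rows),
            "max_loss_pct": max(r["loss_pct"] for r in rows),
            "failure_ratio": failures / len(rows),
            "probes": len(rows),
        }
    return summary


def classify(stats):
    """Apply the triage rule: bad path -> network; clean path + 5XX/timeouts -> backend."""
    path_bad = (stats["max_loss_pct"] > LOSS_THRESHOLD_PCT
                or stats["median_rtt_ms"] > RTT_THRESHOLD_MS)
    if stats["failure_ratio"] < FAILURE_RATIO and not path_bad:
        return "healthy"
    if path_bad:
        return "network-path"
    return "backend"


def triage(text):
    """Map each target in the probe text to its verdict."""
    return {t: classify(s) for t, s in summarize(parse_probes(text)).items()}


if __name__ == "__main__":
    for target, verdict in triage(PROBES).items():
        print(f"{target}: {verdict}")
```

With the constructed records, `edge.example.test` comes out as `backend` (clean path, three of four probes failing), `lossy.example.test` as `network-path`, and `ok.example.test` as `healthy`. In practice the thresholds should be derived from each target’s own baseline rather than fixed constants.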

2026 Predictions From Kognitos

Posted in Commentary with tags on November 18, 2025 by itnerd

Binny Gill, CEO and Founder of Kognitos, and Neeraj Mathur, Vice President of AI Solutions Engineering at Kognitos, offer their perspective on how in 2026, software and work alike will shift toward experience-driven models where AI handles the repetitive tasks and flexible automation frees people and businesses to focus on higher-value creativity and impact.

Binny Gill, CEO and Founder, Kognitos

“The software industry will start to look a lot like the restaurant business. You can cook a meal at home if you want, or you can go out to eat. Building software in-house is like cooking; buying software is like dining out. Both will exist. Some companies will cook more, some will buy more, but the question isn’t about features anymore. It’s about experience. A restaurant isn’t popular because it has the most dishes; it’s popular because people love the experience. That’s how software will evolve. It won’t be about build versus buy, it’ll be about the kind of experience the customer wants to have.”

Neeraj Mathur, Vice President of AI Solutions Engineering at Kognitos

“AI will not replace people, but it will absolutely replace the parts of work that keep people from thinking. The goal should never be to remove humans from the process. It should be to remove the repetitive, time-consuming steps that add no real value. When employees see that AI can take care of the small tasks, they start to use their creativity and judgment more. That is when real transformation begins. The future of work is not machines running everything; it is humans using AI as a partner to think and move faster.”

Secure.com Launches Digital Security Teammate to Bridge 4.8M Talent Gap as Global Cybercrime Soars to $10.5 Trillion

Posted in Commentary with tags on November 18, 2025 by itnerd

Secure.com today announced the launch of Digital Security Teammate (DST), a new category of AI-native agents built to help security teams survive the largest operational crisis the industry has ever faced. According to Cybersecurity Ventures, cybercrime damages have reached $10.5 trillion globally, the talent gap has widened to 4.8 million unfilled roles, and security teams continue to drown in thousands of alerts a day from tools they cannot staff or manage.

The company also announced that it has secured its first investment from Disrupt.com, the leading venture builder out of MENA behind notable global startups, including the $350M bootstrapped exit of Cloudways to DigitalOcean. The $4.5M backing signals a broader regional push to accelerate AI-native security innovation.

A Crisis Too Large for Human Teams Alone

As revealed in IBM’s Cost of a Data Breach Report 2025, breaches in the United States now hit an all-time high of $10.22 million, and breaches in the Middle East average $7.29 million, yet only 49% of breached companies plan to increase security spending. Leaders face five-month hiring cycles, analyst salaries above $300,000 per year, and rising failure rates across traditional operations.

The pressure on cybersecurity teams has reached a breaking point. A survey from Object First shows that 84% of security professionals report being uncomfortably stressed, and nearly 60% are considering leaving the profession. Turnover, burnout, and talent drain are eroding security from the inside as threats accelerate.

Only AI-powered defense can keep up with AI-powered attacks, yet most mid-sized, cloud-first organizations are still operating with pre-AI tooling and lean teams. Growing compliance and reporting requirements further demand faster response, higher accuracy, and continuous auditability.

Together, these forces are creating a crisis too large for human teams to shoulder alone.

Introducing Digital Security Teammates

DSTs are always-on AI-native agents that work inside a company’s existing security stack. They investigate alerts, triage incidents, perform compliance tasks, and escalate only when needed, simplifying, not replacing, the tools teams already have. Unlike MDR, SOAR, or single-vendor co-pilots, DSTs deploy in minutes, work across the entire stack, and deliver value within the first 30 minutes.

Core capabilities include:

  • Unified Intelligence: DSTs consolidate insights across existing tools
  • 60% Noise Reduction: Contextual analysis eliminates noise
  • Natural Language Interface: Security teams interact with DSTs conversationally, no new training required
  • Transparent Operations: Every action is explained and auditable, building trust with human teams
  • Regulatory Alignment: Built-in compliance for SOC2, ISO 27001, NCA ECC, SAMA, and regional frameworks
  • Detailed Asset Insight with discovery, classification, and full context, powered by a knowledge graph
  • Integration with 200+ existing security platforms, including IBM QRadar, Cisco, SentinelOne, Splunk, CrowdStrike, Palo Alto Networks, and others, such as AWS, GCP & Azure native cloud services

Unlike conventional tools, DSTs are designed with a user-first experience, giving lean teams clarity instead of complexity.

DSTs absorb the high-volume, high-fatigue tasks that burn out L1 and L2 analysts, from triage to compliance prep, freeing teams to focus on high-impact security work. By eliminating alert noise and manual triage, they prevent operational pressure from escalating to CISOs. The result: teams regain clarity, reclaim hours, and redirect their attention to full-context investigations with real impact and strategic improvements.

Real Results From Early Deployments

Early rollouts across finance, healthcare, and technology companies, especially among mid-market, cloud-first organizations with lean security teams, have shown transformative outcomes:

  • 70% faster detection MTTD (Mean Time To Detection) and 50% faster resolution MTTR (Mean Time To Resolution)
  • 75% faster alert triage and prioritization
  • 2,000+ analyst hours saved annually per Digital Teammate, plus nearly 200 hours saved per analyst each month, reducing asset-related workload by 62%
  • 60% reduction in alert fatigue

Early deployments include partners such as Bayzat, Blackpanda, and INIT Global. Beyond these, Secure.com is collaborating with over a dozen design partners across tech, fintech, XDR, MSP, and MSSP ecosystems, giving the platform deep, real-world coverage and accelerating rollout across the GCC, APAC, and the US.

A Milestone for the Middle East’s AI Ambitions

The launch strengthens the Middle East’s growing role in global AI innovation. With sustained investment in automation, resilience, and an AI-ready workforce, the region is rapidly emerging as a leader in next-generation technologies. Secure.com joins a rising cohort of companies building mission-critical AI solutions in the region and deploying them worldwide.

Enterprise Security for Everyone

Secure.com is now available to organizations, from growing businesses to global enterprises. DSTs begin mapping environments and building context within the first 30 minutes. Pricing begins at $2,500/month, giving companies enterprise-grade protection at a fraction of a human analyst’s cost.

Peer Software Expands Data Orchestration and Analytics Platform with Major Updates to PeerGFS and PeerIQ

Posted in Commentary with tags on November 18, 2025 by itnerd

Peer Software today announced significant advancements across its enterprise data orchestration and analytics platform with new releases of Peer Global File Service (PeerGFS) and PeerIQ. Together, these updates deliver expanded storage platform support, improved resiliency and performance, enhanced security and compliance, and powerful analytics for hybrid and multi-cloud enterprises.

PeerGFS: Simplifying Multi-Cloud File Management and Replication

The new version of PeerGFS introduces major updates to simplify file management and replication across multi-site, multi-platform, and hybrid multi-cloud environments. Key enhancements include:

  • Expanded Dell Ecosystem Integration – Building on its proven support for Dell PowerScale, PeerGFS now extends integration to Dell PowerStore and enhances support for Dell Unity. This expansion enables replication and synchronization of SMB, NFS, and multi-protocol workloads.
  • Enterprise Resiliency and Performance – Features such as large file transfer resume, significantly faster rescans, DFS Namespace integration for multi-protocol jobs, and streamlined NFS failover automation boost reliability and uptime.
PeerGFS continues to empower organizations to keep data highly available and consistent across complex environments—from edge to data center to cloud—enabling Active-Active synchronization, maintaining version integrity for collaborative file sharing, and replicating massive volumes of unstructured data with confidence.

PeerIQ: Multi-Platform Storage Analytics and Monitoring

The latest release of PeerIQ, Peer Software’s multi-platform storage analytics and monitoring solution, now delivers machine learning–based anomaly detection and expanded scalability for large-scale hybrid environments.

New capabilities include:

  • Machine Learning–Based Anomaly Detection – Identifies abnormal user or client IP behavior, with continuous analysis and algorithm retraining to refine accuracy.
  • Comprehensive Event Logging – Provides detailed, real-time event capture for file event monitoring and auditing across the enterprise.

These innovations give IT and security teams a powerful toolkit for proactive monitoring, compliance reporting, and faster issue resolution—helping them spot and address potential problems before they impact operations.

EnGenius Debuts ECC500 AI Camera at ISC East 

Posted in Commentary with tags on November 18, 2025 by itnerd

EnGenius Technologies, a global leader in AI-ready networking and smart surveillance solutions, is proud to announce the official launch of the ECC500, the latest breakthrough in its expanding EnGenius AI Surveillance lineup. The company will showcase the ECC500 with live, hands-on demonstrations throughout ISC East 2025, taking place November 18–20 at the Javits Center, 429 11th Ave, New York, NY 10001.

The new ECC500 AI camera brings cutting-edge intelligence to the edge, delivering advanced object detection, real-time classification, smarter alerts, and enhanced situational awareness for today’s most demanding environments—including hospitality, MDU, commercial buildings, retail, and education. By processing AI events directly on-device, the ECC500 dramatically reduces false positives and speeds up response times, giving organizations faster insights with greater accuracy.

At the EnGenius booth number 206, attendees will experience live AI demonstrations, including event detection, smart search, object tracking, and seamless integration with the EnGenius Cloud surveillance interface. These demos highlight how the ECC500 simplifies operations, accelerates investigations, and strengthens overall security strategies—without the complexity or high costs associated with traditional enterprise systems.

EnGenius invites all ISC East attendees to visit Booth #206 at the Javits Center to explore the ECC500, see live AI demos, and learn how the EnGenius AI Surveillance solution delivers smarter, more scalable protection.

For more information, visit https://www.engeniustech.com/ai-cloud-edge-camera-surveillance.html

Fortinet and Crime Stoppers International Launch Global Cybercrime Bounty Program

Posted in Commentary with tags on November 18, 2025 by itnerd

Fortinet and Crime Stoppers International (CSI), the world’s only global crime reporting platform, today announced the launch of a global partnership and pioneering Cybercrime Bounty program. The partnership with CSI introduces a collaborative program to allow more expansive action against cybercrime, including converged crime. The initial output of the partnership is the Cybercrime Bounty, an initiative designed to encourage individuals worldwide to safely and anonymously report cybercriminal activity, thereby strengthening cyber resilience for organizations and governments and furthering Fortinet’s collaborative efforts with public and private sector partners to advance collective action against cybercrime.

This first-of-its-kind Cybercrime Bounty program will demonstrate how collaboration can accelerate innovation, intelligence sharing, coordinated response, and tangible accountability results, driving real cybercrime deterrence and disruption.

Through this unique collaboration, CSI will leverage its trusted anonymous reporting infrastructure to provide a secure channel for citizens and ethical hackers to share information about cyberthreats. Fortinet will contribute its expertise in threat intelligence and cybersecurity innovation to validate, analyze, and put reports into action, where appropriate, routing cybersecurity threat intelligence packages to law enforcement partners for investigations, arrests, and prosecutions.

Together, the shared expertise and resources of the Fortinet and CSI partnership and the Cybercrime Bounty will incentivize disruption, strengthening national and economic security.

A Global Call to Action

The Cybercrime Bounty program represents an unprecedented collaboration between a community-based crime prevention organization and a global cybersecurity leader. It combines CSI’s trusted global network with Fortinet’s world-class threat intelligence expertise to deliver a practical, scalable solution to take on one of today’s most pressing cybersecurity challenges.

Accountability is key to deterrence. Fortinet has committed over 13 years to uniting public and private sectors to systematically disrupt cybercriminal operations and strengthen cyber resilience worldwide. Teamwork is critical to counter cybercriminals. Cybercrime is not a problem any one organization can solve alone; it requires continuous intelligence sharing, education, and a commitment to public-private cooperation at scale. This collaboration with CSI creates a Cybercrime Bounty initiative built to continue scaling deterrence. 

A Global Disruption Framework and United Force Against Cybercrime

The Cybercrime Bounty program and initiative:

  • Fosters community engagement and support: Disrupting organized cybercrime requires a global effort, with strong, trusted relationships between private-sector participants and public-sector organizations to align private intelligence and critical infrastructure at speed and across networks and borders. The Fortinet and CSI Cybercrime Bounty program aligns with other successful public-private collaborations that are dedicated to transparency and accountability. 
  • Scales disruption against cybercrime: Patterns and weak links are in full force now, requiring speed vs. sovereignty to work across borders without losing trust or privacy. Coordinated response and accountability break down the shift from ad hoc cooperation to scalable disruption.
  • Leans into global cybersecurity and cybercrime prevention leadership: As a global leader in cybersecurity and stalwart dedicated to preventing cybercrime through systemic disruption, Fortinet delivers cyberthreat intelligence and visibility into cyber activity through its broad, integrated, and automated protections across the entire digital attack surface. The company also brings its long-standing commitment to pioneering efforts to disrupt cybercrime to this initiative, escalating accountability efforts to deter youth and other aspiring cybercriminals by sending a message that such actions will not go unaccounted for.
  • Leverages Fortinet’s leadership role in shaping global cybersecurity collaboration: Relevant insights and experience that Fortinet brings to this Cybercrime Bounty effort include experience gained as a founding member of the World Economic Forum’s Cybercrime Atlas. The Cybercrime Atlas: Impact Report 2025 highlights the tangible progress achieved through multi-sector collaboration in dismantling cybercriminal networks and building resilience at scale. This cybercrime bounty effort with CSI builds on Fortinet’s long-standing collaborations with esteemed organizations from both the public and private sectors, including government entities, academia, and other public organizations, as a fundamental aspect of Fortinet’s commitment to enhancing global cyber resilience.

Vanta Introduces Agentic Trust Platform

Posted in Commentary with tags on November 18, 2025 by itnerd

Vanta today unveiled a number of new products that redefine how enterprises earn and prove trust at scale. Powered by intelligent automation, Vanta’s industry-first Agentic Trust Platform helps teams understand their environment, anticipate what’s next, and automate workflows across compliance, risk, and security assessments.

According to Vanta’s 2025 State of Trust, 72% of business and IT leaders say overall risk is at an all-time high, yet nearly two-thirds spend more time posturing than protecting their organization. This highlights the need to adopt AI in ways that enhance security and decrease busywork.

Vanta’s Agentic Trust Platform brings new industry-defining capabilities including:

  • Vanta AI Agent 2.0: At the intelligent core of the Vanta Agentic Trust Platform, it acts as a 24/7 GRC engineer that understands an organization’s environment – anticipating what’s next, providing proactive, personalized guidance, and keeping compliance in sync.
  • Organizations Center: Organizations Center gives CISOs complete visibility across business units, products, and geographies with AI-powered scoping and audit workflows that simplify the audit process across complex enterprises.
  • Risk Graph: The Vanta Risk Graph turns fragmented risk data into a real-time, actionable map that shows how organizations’ risks connect and spread, pinpoints high-impact issues, and guides action before they escalate.
  • Customer Commitments: Customer Commitments maps customer obligations to the right controls and automates follow-through, ensuring every promise is tracked, met, and transparently communicated.

Vanta AI Agent 2.0 orchestrates trust workflows

Launched in July, the Vanta AI Agent saves customers an average of four hours per week by automating evidence collection and streamlining policy management.

With the launch of the Vanta AI Agent 2.0, it’s evolving into a dynamic 24/7 GRC engineer with complete program awareness and understanding. Powered by context and memory, the Vanta AI Agent 2.0 can expose program gaps, provide proactive, personalized guidance, and even take coordinated actions on critical work.

The Vanta AI Agent can now:

  • Accelerate audit preparation: Automatically collects and validates evidence, eliminating one of the most time-consuming and error-prone parts of audit prep. Asking the agent to help with various elements of audit prep such as identifying updates for a new framework, drafting policies for an office expansion, or recommending privacy adjustments for EU operations generates actionable, tailored responses in seconds.
  • Automate security questionnaires: Takes the first pass at questionnaires – filling in verified answers, surfacing gaps before they slow reviews, and giving teams ready-to-share responses to close deals faster.
  • Review and monitor vendors: Streamlines vendor oversight from discovery and due diligence through continuous monitoring, surfacing high-priority alerts so teams can focus where it matters most.

The Vanta AI Agent 2.0 will be available in the coming months.

Enterprise-grade visibility and control

As companies grow, so does the complexity of their compliance and risk programs with new products, acquisitions and regions introducing additional compliance frameworks and siloed information. Designed for CISOs and GRC leaders, Organizations Center connects multiple Vanta organizations into a single view while maintaining separation where needed. Along with Organizations Center, new enterprise capabilities will allow businesses to:

  • Define scopes across an organization: Defines scope by business unit, product line, geography, or acquisition. Vanta updates automatically as systems, personnel, or vendors change – keeping compliance current without manual effort.
  • Manage auditor requests: Simplifies audit collaboration by managing auditor requests, internal reviews, and evidence evaluation directly in Vanta or through the API.
  • Unify overlapping frameworks: Groups related controls into common requirements with mapped evidence, policies, and risks.

Risk Graph unifies risk management

In a connected business environment, even a single vendor vulnerability or internal misconfiguration can ripple across supply chains. According to Forrester, organizations are expanding their ecosystems of third-party relationships, creating interconnected risk exposure that traditional approaches struggle to manage.

Vanta’s Risk Graph creates a single source of truth for risks across the organization, turning disconnected alerts into a connected map that shows relationships across risks and how they spread throughout an environment. By combining signals from a company’s internal risk environment with third-party insights on vendors and flagging risks as they surface, Vanta’s Risk Graph enables teams to prioritize the highest-impact risks and trigger automated workflows from the Vanta AI Agent. The result is that teams can see not just what the risks are, but how they connect and where to act first.

The Vanta Risk Graph will be available in early 2026.

Customer Commitments keeps customer promises

Once a deal is signed, keeping up with promises made to customers is essential to maintaining trust and driving renewals. But many organizations struggle to manage these promises, especially custom obligations like breach notification SLAs or subprocessor updates. When an incident or vulnerability occurs, teams scramble to identify who they made commitments to – delaying responses and risking broken promises.

Customer Commitments is the only intelligent compliance solution that centralizes, tracks and acts on every promise an organization has made. It sends alerts if commitments are at risk, automates workflows to act on triggered commitments, maps commitments to relevant controls, and keeps customers informed through the Trust Center with verified, transparent updates.

Customer Commitments is in preview and will be available next year.

VantaCon 2025: Agentic Trust Platform

Vanta will debut and demo its Agentic Trust Platform tomorrow, November 19 at 9:30am PT at VantaCon 2025: AI is Rewriting Trust. Speakers from Anthropic, Snowflake, 1Password, Clay, Sierra, Golden State Warriors, Golden State Valkyries, Ramp, Duolingo and more will explore how AI is transforming trust, risk and compliance. To register for the livestream of the product keynote, visit https://www.vanta.com/vantacon.

Guest Post: The “qwerty123” is out: “admin” is Canada’s top password in 2025

Posted in Commentary with tags on November 18, 2025 by itnerd

NordPass, together with NordStellar, has released the seventh edition of its annual Top 200 Most Common Passwords research. In addition to identifying the most popular passwords globally and in 44 countries, this year, the research focused on understanding how the passwords used by different generations vary. 

Most common passwords in Canada

Below are the top 20 most common passwords in Canada. The full list of global passwords and those from other countries covered by this research is available here.

  1. admin
  2. 123456
  3. gallant123
  4. password
  5. 1hateyou
  6. 12345678
  7. 123456789
  8. ZZZzzz111
  9. 12345
  10. Password
  11. stinky124
  12. Cutie121
  13. Password1
  14. pelletier123
  15. winners1
  16. wowme234
  17. 123four56
  18. 12345678910
  19. imstupid
  20. 1234567890

Although cybersecurity experts keep repeating that simple passwords are extremely easy to guess using a dictionary and brute-force attacks, Canadians seem to ignore the warnings. Words, number combinations, and common keyboard patterns dominate Canada’s top 20 list.

This year, “admin” is the most common password in Canada, replacing last year’s top choice, “qwerty123,” while “123456” ranks second. However, different variations of the word “password” take up as many as three spots in Canada’s top 20 most common passwords list. Different numeric combinations take up six spots.

Researchers also point out that sports-related terms (e.g., “hockey”) are being replaced by swear words in some countries. But Canadians are too polite for that. Their top 20 lists for both last year and this year contain no profanities.

Global trends 

Globally, “123456” is the most common password, followed by “admin” in second place, and “12345678” in third — another simple numeric sequence. Such weak patterns, ranging from “12345” to “1234567890,” along with common weak passwords like “qwerty123,” dominate top 20 lists across many countries.

Compared to last year, researchers observed a significant increase in the use of special characters in passwords. This year, 32 passwords on the global list include them, a notable rise from just six last year. The most common special character in passwords is “@,” and most of the passwords are unfortunately no more complicated than “P@ssw0rd,” “Admin@123,” or “Abcd@1234.”

The word “password” remains one of the most popular passwords worldwide. It’s used both in English form and in local languages in nearly every country we studied — from Slovak “heslo” and Finnish “salasana” to French “motdepasse” and Spanish “contraseña.” 

“Generally speaking, despite all efforts in cybersecurity education and digital awareness over the years, data reveals only minor improvements in password hygiene. The world is slowly moving towards passkeys — a new passwordless authentication method based on biometric data — but in the interim, until passkeys become ubiquitous, strong passwords are very important. Especially since around 80% of data breaches are caused by compromised, weak, and reused passwords, and criminals will intensify their attacks as much as they can until they reach an obstacle they can’t overcome,” says Karolis Arbaciauskas, head of product at NordPass.

The myth of the “digital native”

Research shows that for Digital Natives — those who grew up immersed in the online world — extensive exposure to technology doesn’t automatically translate into a strong understanding of fundamental password security practices or the severe risks associated with poor choices.

“The password habits of 18-year-olds are similar to those of 80-year-olds. Number combinations, such as ‘12345’ and ‘123456,’ are in the top spots across all age groups. The biggest difference is that older generations are more likely to use names in their passwords,” says Arbaciauskas.

Research reveals that Generations Z and Y rarely use names in their passwords, preferring combinations like “1234567890” and “skibidi” instead. The use of names in passwords becomes more prevalent starting with Generation X, peaking among Baby Boomers. 

Among Generation X, the most popular name used as a password is “Veronica.” For Baby Boomers, it’s “Maria,” and for the Silent Generation, it’s “Susana.”

The full list is available here.

Password safety tips

According to Arbaciauskas, a few basic rules can greatly improve digital hygiene and help avoid falling victim to cyberattacks due to irresponsible password management:

  • Create strong random passwords or passphrases. Passwords should be at least 20 characters long and consist of a random combination of numbers, letters, and special characters. 
  • Never reuse passwords. The rule of thumb is that each account should have a unique password because if one account gets broken into, hackers can use the same credentials for other accounts.
  • Review your passwords. Make sure to regularly check the health of your passwords. Identify any weak, old, or reused ones and upgrade them to new, complex passwords for a safer online experience.
  • Use a password manager. It can help you generate, store, review, and safely manage all your passwords, ensuring they’re well protected, difficult to crack, and easily available when you need them.
  • Turn on multi-factor authentication (MFA). It adds an extra layer of security. MFA helps keep hackers out even if a password gets breached.
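The tips above describe what a password review should catch: entries on the common-password lists, predictable number sequences and keyboard patterns, thin disguises of “password” such as “P@ssw0rd”, reuse across accounts, and anything shorter than the recommended 20 characters. The script below is an added example, not NordPass or NordStellar code; it embeds the Canadian top-20 list from the article, applies those checks to candidate passwords, reports reuse across a constructed set of accounts, and generates a random passphrase with the `secrets` module. The pattern heuristics and the tiny word list are assumptions for illustration; a real generator would draw from a large published word list.

```python
"""Password hygiene checks in the spirit of the tips above.

Added example. The top-20 list is the Canadian list from the research and the
length rule is the article's 20-character guidance; the heuristics and the
word list are assumptions for illustration.
"""
import secrets
import string

# Top 20 most common passwords in Canada, as listed in the research above.
TOP20_CANADA = {
    "admin", "123456", "gallant123", "password", "1hateyou", "12345678",
    "123456789", "ZZZzzz111", "12345", "Password", "stinky124", "Cutie121",
    "Password1", "pelletier123", "winners1", "wowme234", "123four56",
    "12345678910", "imstupid", "1234567890",
}
MIN_LENGTH = 20  # from the "at least 20 characters" tip

# Common substitutions so that "P@ssw0rd" normalizes back to "password".
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "$": "s", "5": "s", "!": "i"})
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def is_sequence(s, min_run=4):
    """True if s contains min_run+ characters ascending or descending by one (e.g. 1234, dcba)."""
    for i in range(len(s) - min_run + 1):
        chunk = s[i:i + min_run]
        diffs = {ord(b) - ord(a) for a, b in zip(chunk, chunk[1:])}
        if diffs in ({1}, {-1}):
            return True
    return False


def is_keyboard_walk(s, min_run=4):
    """True if s contains min_run+ adjacent keys from one keyboard row, in either direction."""
    low = s.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - min_run + 1):
            run = row[i:i + min_run]
            if run in low or run[::-1] in low:
                return True
    return False


def audit(password):
    """Return a list of findings for one password; an empty list means nothing was flagged."""
    findings = []
    lowered = password.lower()
    normalized = lowered.translate(LEET)
    if lowered in {p.lower() for p in TOP20_CANADA}:
        findings.append("in top-20 common list")
    if "password" in normalized or "admin" in normalized:
        findings.append("dictionary word (after leetspeak normalization)")
    if is_sequence(password):
        findings.append("numeric/alphabetic sequence")
    if is_keyboard_walk(password):
        findings.append("keyboard pattern")
    if len(password) < MIN_LENGTH:
        findings.append(f"shorter than {MIN_LENGTH} characters")
    return findings


def reuse_report(credentials):
    """credentials: account -> password. Returns passwords shared by more than one account."""
    seen = {}
    for account, pw in credentials.items():
        seen.setdefault(pw, []).append(account)
    return {pw: accounts for pw, accounts in seen.items() if len(accounts) > 1}


# Constructed mini word list; a real generator would use a large published list.
WORDS = ("granite", "harbor", "quartz", "meadow", "lantern",
         "cinder", "velvet", "orbit", "tundra", "maple")


def generate_passphrase(n_words=5, min_length=MIN_LENGTH):
    """Random passphrase from WORDS plus one digit and one symbol, drawn with secrets."""
    while True:
        words = [secrets.choice(WORDS) for _ in range(n_words)]
        phrase = "-".join(words) + secrets.choice(string.digits) + secrets.choice("!@#$%")
        if len(phrase) >= min_length:
            return phrase


if __name__ == "__main__":
    for candidate in ("admin", "P@ssw0rd", "qwerty123", generate_passphrase()):
        print(f"{candidate!r}: {audit(candidate) or 'no findings'}")
    # Constructed account set to show reuse detection.
    print(reuse_report({"mail": "hunter2", "bank": "hunter2", "shop": "gallant123"}))
```

The list check compares case-insensitively, since “password” and “Password” both appear in the top 20; the leetspeak normalization is what catches “P@ssw0rd” and “Admin@123”, the forms the research singles out as no stronger than the plain words.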

Research methodology

This report is the result of a joint effort between NordPass and NordStellar together with independent researchers specializing in research of cybersecurity incidents. Recent public data breaches and dark web repositories were analyzed for passwords exposed from September 2024 to September 2025, with statistically aggregated data extracted. No personal data was acquired or purchased for this research.

Guest Post: US shopping apps collect more data than Chinese or Canadian rivals

Posted in Commentary with tags on November 18, 2025 by itnerd

As shoppers gear up for the holiday season, Surfshark investigated the data collection practices of the 10 most popular shopping apps in the US, finding that US-based apps tend to collect more data compared to their counterparts in China and Canada. For example, Amazon collects 25 unique data types out of 35, but among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types.

“Scrolling through tempting deals on Temu, Shein, Amazon, and other shopping apps is a Black Friday tradition for many. However, before downloading any shopping app, people should consider whether they are truly willing to trade their privacy for a discount,” says Miguel Fornes, Information Security Manager at Surfshark. “Many shopping apps collect far more data than people realize, and this extends beyond purchase history. Some apps can even gather sensitive information such as political views, racial background, or biometric and health data.”

The Amazon shopping app is the most privacy-intrusive. It collects 25 unique data types out of 35, Walmart and Costco each collect 23, and Whatnot — another US-based app — collects 20. Among Chinese apps, Alibaba is the most data-hungry, collecting 19 unique data types, followed by Temu with 17, Aliexpress with 16, and Shein with 15. The Canadian app, Shop, collects 19 data types, which places it on par with the most data-collecting Chinese app.

All the analyzed apps collect information such as email address, name, payment information, physical address, user ID, search history, and product interaction. The majority of these apps also gather device IDs (except for Temu), phone numbers (except for Shein), photos or videos (except for Shop), and location data (except for Shein). Additionally, most of this collected data is directly linked to individual users, enabling these apps to build comprehensive user profiles, which raises privacy concerns. 

Some of the data collected by these shopping apps is surprising and even bizarre. For instance, Amazon and Walmart collect sensitive information — which could include political opinions, racial or ethnic background, biometric data, genetic information, sexual orientation, disability status, or pregnancy details. Whatnot and Alibaba collect users’ contacts, such as contact lists from a user’s phone or address book. In addition, Amazon, Walmart, Whatnot, and Alibaba collect users’ voice or sound recordings.
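The counts in the study above are per-app tallies of declared data types, split by whether the data is linked to the user. As an added example (not part of Surfshark's study, whose methodology the post does not describe), the following Python computes the same kind of tally from the privacy manifest (PrivacyInfo.xcprivacy) that an iOS app bundle ships with. The key and value names are Apple's privacy-manifest identifiers; the manifest contents are constructed here as sample input and do not describe any real shopping app.

```python
"""Tally what an iOS app declares it collects, from its privacy manifest.

Added example: the manifest is built here as sample input with plistlib so the
script runs offline; in practice you would read PrivacyInfo.xcprivacy out of
an unpacked .ipa / app bundle. Key names are Apple's privacy-manifest keys.
"""
import plistlib
from dataclasses import dataclass

# Manifest data-type identifiers for the categories the study singles out.
# Only this subset is spelled out; Apple's documentation lists the full set.
SENSITIVE_FLAGS = {
    "NSPrivacyCollectedDataTypeSensitiveInfo": "sensitive info",
    "NSPrivacyCollectedDataTypeContacts": "contacts",
    "NSPrivacyCollectedDataTypeAudioData": "audio data",
}

# Purpose identifiers that mean the data feeds advertising.
AD_PURPOSES = {
    "NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising",
    "NSPrivacyCollectedDataTypePurposeDeveloperAdvertising",
}


@dataclass(frozen=True)
class CollectionSummary:
    total_types: int       # distinct data types the app declares it collects
    linked_types: int      # of those, how many are linked to the user's identity
    tracking_types: int    # of those, how many are used for cross-app tracking
    ad_purpose_types: int  # of those, how many are collected for advertising
    flagged: tuple         # singled-out categories (see SENSITIVE_FLAGS) present


def build_manifest(entries, tracking=False):
    """Serialise (data_type, linked, tracking, purposes) tuples into a
    privacy-manifest plist. Used only to construct sample input here."""
    manifest = {
        "NSPrivacyTracking": tracking,
        "NSPrivacyCollectedDataTypes": [
            {
                "NSPrivacyCollectedDataType": dtype,
                "NSPrivacyCollectedDataTypeLinked": linked,
                "NSPrivacyCollectedDataTypeTracking": tracks,
                "NSPrivacyCollectedDataTypePurposes": list(purposes),
            }
            for dtype, linked, tracks, purposes in entries
        ],
    }
    return plistlib.dumps(manifest)


def summarize_manifest(plist_bytes):
    """Parse a privacy manifest and count what the app declares it collects."""
    manifest = plistlib.loads(plist_bytes)
    seen = {}
    for entry in manifest.get("NSPrivacyCollectedDataTypes", []):
        dtype = entry["NSPrivacyCollectedDataType"]
        # The same type may be listed more than once with different purposes;
        # merge entries so the tally counts distinct types, as the study does.
        prev = seen.setdefault(dtype, {"linked": False, "tracking": False, "purposes": set()})
        prev["linked"] |= bool(entry.get("NSPrivacyCollectedDataTypeLinked", False))
        prev["tracking"] |= bool(entry.get("NSPrivacyCollectedDataTypeTracking", False))
        prev["purposes"] |= set(entry.get("NSPrivacyCollectedDataTypePurposes", []))
    return CollectionSummary(
        total_types=len(seen),
        linked_types=sum(1 for v in seen.values() if v["linked"]),
        tracking_types=sum(1 for v in seen.values() if v["tracking"]),
        ad_purpose_types=sum(1 for v in seen.values() if v["purposes"] & AD_PURPOSES),
        flagged=tuple(name for dtype, name in SENSITIVE_FLAGS.items() if dtype in seen),
    )


# Constructed sample manifest for a hypothetical shopping app (not a real one).
APP_FUNC = "NSPrivacyCollectedDataTypePurposeAppFunctionality"
THIRD_PARTY_ADS = "NSPrivacyCollectedDataTypePurposeThirdPartyAdvertising"
ANALYTICS = "NSPrivacyCollectedDataTypePurposeAnalytics"
SAMPLE_ENTRIES = [
    ("NSPrivacyCollectedDataTypeEmailAddress", True, False, [APP_FUNC]),
    ("NSPrivacyCollectedDataTypeName", True, False, [APP_FUNC]),
    ("NSPrivacyCollectedDataTypePaymentInfo", True, False, [APP_FUNC]),
    ("NSPrivacyCollectedDataTypePhysicalAddress", True, False, [APP_FUNC]),
    ("NSPrivacyCollectedDataTypeUserID", True, True, [APP_FUNC, THIRD_PARTY_ADS]),
    ("NSPrivacyCollectedDataTypeSearchHistory", True, False, [APP_FUNC, ANALYTICS]),
    ("NSPrivacyCollectedDataTypeProductInteraction", True, False, [ANALYTICS]),
    ("NSPrivacyCollectedDataTypeProductInteraction", False, False, [THIRD_PARTY_ADS]),
    ("NSPrivacyCollectedDataTypeDeviceID", True, True, [THIRD_PARTY_ADS]),
    ("NSPrivacyCollectedDataTypeCoarseLocation", False, False, [APP_FUNC]),
    ("NSPrivacyCollectedDataTypeContacts", True, False, [APP_FUNC]),
    ("NSPrivacyCollectedDataTypeAudioData", False, False, [APP_FUNC]),
]
SAMPLE_MANIFEST = build_manifest(SAMPLE_ENTRIES, tracking=True)

if __name__ == "__main__":
    print(summarize_manifest(SAMPLE_MANIFEST))
```

A manifest, like an App Store privacy label, is a declaration by the developer, so a type that is absent from it is not evidence that the app does not collect it; the tally is a starting point for review, and a missing manifest is itself worth noting when assessing an app.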

According to Fornes, these abusive data collection practices can be very dangerous if an app is breached and information about a person is leaked. First, leaked bank account information and purchase history can lead to unauthorized charges, identity theft, and significant financial loss. Second, leaked sensitive information, such as political views or health data, can damage your reputation and financial standing; health data in particular rarely changes and may be used by insurance and healthcare companies. Finally, all this leaked data might fuel subsequent highly personalized phishing campaigns. Therefore, Fornes advises:

  • Don’t download apps you don’t need. If you only shop on Amazon occasionally, accessing their website through a browser is more private than keeping the app installed. Besides, you may improve your battery or device health by offloading them.
  • Grant permissions selectively. Only allow access to data essential and directly relevant to the app’s functionality.
  • Revoke unnecessary permissions. Regularly review and revoke permissions you have granted. For example, go to settings, apps, app name, permissions on iOS, and change them. Remember that the app will still work as intended after you remove unnecessary permissions; at most it will show some informational notifications.
  • Read the Privacy Policy and opt out of data sharing. Understand what data the app collects, how it’s used, and with whom it’s shared. Many apps offer options to limit data collection for advertising purposes. Look for these settings.
  • Strengthen your account security. Use strong, unique passwords; enable two-factor authentication (2FA); consider having a dedicated virtual debit card or escrow payment methods (such as PayPal) for such apps or shopping at less-trusted sites.

For the complete research material behind this study, visit here.

Amazon alum launch Albatross with $12.5m to rediscover shopping 

Posted in Commentary with tags on November 18, 2025 by itnerd

Every click online tells a story. Yet the systems behind most of the internet still treat users as static profiles, recycling yesterday’s data to predict tomorrow’s intent. Albatross, a Zurich-based AI company founded by former Amazon AI leaders, has raised $12.5 million in new funding to rewrite that logic with the world’s first platform for real-time product and content discovery – one that learns, reasons, and adapts as users interact.

The round was led by MMC Ventures with participation from Redalpine, Daphni, and strategic angels, bringing Albatross’s total funding to $16 million, following a $3.5 million foundation round in September 2024 led by Redalpine. The company’s platform is already serving billions of live events and tens of millions of predictions each month across marketplaces, retail, and travel platforms worldwide, processing approximately a hundred million products and tens of millions of end users.

Founded in 2024 by Dr Kevin Kahn and Dr Matteo Ruffini, both former Amazon AI leaders, alongside serial entrepreneur Johan Boissard, Albatross is tackling what the team sees as a fundamental gap in the AI revolution. While much of the industry focuses on large language models that generate content, Albatross is building the second pillar of AI: understanding how users perceive and interact with content in real time. It is built on transformer-based architecture with sequential embedding models trained directly on live events.

Traditional recommendation systems look backward, using batch-trained models that rely on popularity, similarity, or user history. They struggle to capture what really matters: what a person is doing right now. In contrast, Albatross replaces these legacy systems with AI that learns continuously from live behavior, updating in milliseconds as users browse, search, and explore without any manual intervention or retraining. Notably, until now no platform could adapt instantly to changes in user behavior. Albatross is the first to do this.

Albatross has two flagship products: the Real-Time Discovery Feed and Multimodal Search. The Discovery Feed dynamically curates inspiring products and content in real time, while the Multimodal Search engine refines results based on evolving intent, even bridging in-store and online journeys through contextual and image input. The platform operates with enterprise-grade reliability at virtually zero latency.

Early pilots have shown triple-digit uplifts in engagement and product discovery. Integration takes less than seven weeks from signature to deployment, and the platform operates with enterprise-grade reliability, handling billions of data points. The company’s research on cold-start discovery, presented at RecSys 2025, now powers its production platform at scale.

As content and commerce continue to explode, discovery is becoming the defining challenge of the digital economy. Albatross’s goal is to make digital experiences adaptive – transforming the way people find what inspires them, in real time.