Archive for the Commentary Category

Guest Post: Romance Scams Are On The Rise and Victims Need Support Says NordVPN

Posted in Commentary with tags on March 5, 2021 by itnerd

Cybercriminals exploit emotions and stressful situations mainly for financial gain. As a result, romance scams and cyberbullying are reported to be among the most common cybercrimes. The fact that victims do not always seek help inflates the activity even more.

According to Cybercrime Support Network, romance scams and cyberbullying are the most visited topics on FraudSupport.org. Meanwhile, the Federal Trade Commission reports that in 2019, approximately $201 million was lost due to romance scams – almost 40% more than in 2018.

Kristin Judge, CEO and Founder of Cybercrime Support Network, notes that victims of the aforementioned crimes often remain silent. “Not only are these types of cybercrime common, but can be very emotionally triggering. We understand that it can be difficult for victims of cybercrime to seek help.  It’s important to remember that you are not alone.” 

Romance scams are often long-term strategies, luring victims into believing they are in a long-distance relationship. The scammer will tell stories of personal financial hardships or medical emergencies. They hope that the victim will feel obligated or willing to help them financially. Scammers are searching for victims on dating sites and apps. 

Emotionally Charged Messages are Red Flags

Cybercriminals use social engineering techniques that evoke emotion and push people to act on impulse. Judge says, “Cybercrime and online fraud can affect anyone, at any age, in any profession. If you receive a phone call, email, or text that uses urgent language like ‘act now!’ or ‘respond immediately,’ consider it a red flag.”

As Daniel Markuson, the digital privacy expert at NordVPN, notes, the best thing is to stay informed about the newest scams. “Scammers are always looking out for new ways to lure people into their traps. And yet, emotions and lack of awareness are the universal weakness. Increase of scams surrounding the social turbulence and lockdown nowadays is just another proof of cybercriminals’ use of peoples’ vulnerabilities”.

Markuson advises always double-checking the sender and never downloading or clicking on anything that you are not sure about. Scammers can rush internet users into taking harmful actions by pretending to be friends, family members, or colleagues. If you or someone you know has been impacted by cybercrime, visit FraudSupport.org for free resources.

PocketPills Raises $30M In Series B Funding To Fuel Same Day Delivery Nationwide

Posted in Commentary with tags on March 3, 2021 by itnerd

PocketPills, Canada’s largest and fastest-growing online pharmacy, announced today the close of $30M in Series B funding, led by Canada’s most active corporate venture capital fund, TELUS Ventures. The investment will be used to broaden PocketPills’ product offering and further accelerate its national expansion, with facilities opening in Quebec and Alberta that will help achieve its goal of nationwide same-day delivery.

The round was led by TELUS Ventures with follow-on participation from WaterBridge Ventures. As the market leader in Canada’s digital health landscape, the TELUS Health team will deliver valuable expertise to the PocketPills team as they scale and develop new product offerings.  

PocketPills has established itself as Canada’s leading online pharmacy, with five times growth in 2020. The company has scaled operations across Canada, with pharmacy warehouses in British Columbia, Manitoba, Ontario, and Nova Scotia. With its Series B funding, PocketPills will invest further in technology and pharmacy automation and open facilities in Alberta and Quebec. PocketPills is a technology-first online pharmacy, and its research and development team of 30 software engineers allows for continuous product optimization and a pipeline of innovative product launches. Strong relationships with insurers, larger brokerages, and third-party administrators help to control the costs of prescription medication and provide convenience to members. Over 300,000 Canadians already have access to the platform, with numbers growing daily. Additionally, PocketPills is providing pharmacy APIs for anyone who wants to integrate. 

By combining technology and personalized service, PocketPills is improving the way prescriptions are filled, delivered, and managed. Established by two pharmacists and an engineer in 2018, PocketPills was formed with the vision of making medication management simple. No more sorting pills, waiting in line, or chasing refills. PocketPills’ solution is an end-to-end system built from the ground up, with members at its core. Through an easy-to-use online platform, members can access the pharmacy whenever they want, wherever they are.

As the strategic investment arm of TELUS Corporation, TELUS Ventures was founded in 2001 and is one of Canada’s most active corporate venture capital funds. TELUS Ventures has invested in over 90 companies since its inception with a focus on innovative technologies such as Digital Health, IoT, AI, and Security. TELUS Ventures is an active investment partner and supports its portfolio companies through mentoring; exposure to TELUS’ extensive network of business and co-investment partners; access to TELUS’ technologies and broadband networks; and by actively driving new solutions across the TELUS ecosystem.

WaterBridge Ventures (WBV) is the 1st institutional investor in disruptive companies. WBV’s founders-first approach, deep engagement model, and network strength have led to many robust partnerships between the firm and its entrepreneur partners. Besides PocketPills, some of its leading investments include Atlan, Bijnis, Chalo, CityMall, Doubtnut, MagicPin, Unacademy and ZipLoan.

Indigenous Entrepreneurs Receive $25 Million Boost From World’s First Indigenous Impact Fund

Posted in Commentary with tags on March 2, 2021 by itnerd

Indigenous entrepreneurs are benefiting following the Final Close of Raven Indigenous Capital Partners’ (Raven) Impact Investment Fund with $25 million in capital commitments from 38 investors drawn from across Canada and the United States. The Fund closed on January 31, 2021. Interestingly, TELUS Pollinator Fund for Good is the largest Canadian investor. 

The Raven Indigenous Impact Capital Fund I was launched in response to the resource gap faced by many Indigenous entrepreneurs. Despite Indigenous entrepreneurs’ strong ideas and product offerings, systemic racism and colonization have blocked their access to the capital and crucial capacity-building opportunities that spur growth in non-Indigenous enterprises.

The Raven Indigenous Impact Fund provides equity and equity-like capital to innovative, scalable, purpose-driven Indigenous enterprises. The Fund looks to support entrepreneurs who are at the seed and/or early stage. Through the Raven Fund, innovative Indigenous enterprises can access the support they need to grow from a trusted partner. The Fund represents a sustainable, values-driven approach to poverty reduction and community resilience that will directly contribute to the development of an Indigenous middle class. Enterprises are screened through a unique, Indigenous impact lens and receive investments ranging from $250,000 to $2 million.

For investors, Raven combines a strong social and environmental impact thesis and generates competitive returns. The fund targets a net annualized rate of return of 6-8% over a ten-year fund life.

The Raven Fund reflects a growing recognition of Indigenous entrepreneurs as innovators and knowledge keepers leading an economic transformation that will lift up Indigenous Peoples across Turtle Island. The overwhelmingly positive response to the Fund from the investment community will bolster Raven’s efforts to build a portfolio of dynamic technology-driven and enabled Indigenous enterprises, as well as plot initial steps toward raising a successor fund in the near future. 

Terranova Security Announces Global Dashboard Feature

Posted in Commentary with tags on March 2, 2021 by itnerd

Terranova Security, global partner of choice in security awareness training, has announced the release of its Global Dashboard functionality within the Terranova Security Awareness Platform. The release empowers organizations, as well as cyber security and risk management leaders, to leverage customizable, real-time analytics visualizations for improved data-driven decision-making. 

Featuring a flexible, widget-based interface, the Terranova Security Global Dashboard can easily be personalized to display an organization’s key security awareness training information. Using customizable filters, administrators can refine reporting data to focus on a specific department, geographical region, or any other pertinent user grouping.  

The Terranova Security Global Dashboard feature also centralizes the reporting process. It enables organizations to capture insights that gauge user behavior change – such as how many users in a particular department or region successfully completed training on a key topic – all in one, easy-to-use space within the Security Awareness Platform. Using that intel, leaders can optimize their security awareness training program performance. 

Terranova Security Global Dashboard Functionality: Key Highlights  

Ensuring that the right user behaviors are being targeted and their data is consistently protected is more crucial to organizations than ever before. The Terranova Security Global Dashboard capabilities make it easy to extract essential data-driven insights and empower organizations with informed, proactive security awareness decision-making. 

Key benefits of the Global Dashboard feature include: 

  • Centralized analytics to enable organizations to gauge user behavior change success quickly and efficiently with the ability to view specific training information in one location with the Security Awareness Platform. 
  • Customizable dashboard data that combines a modular, widget-based environment with built-in filters to instantly tailor every aspect of the analytics experience to an organization’s needs and goals. 
  • In-depth reporting possibilities that go beyond a one-size-fits-all approach to training metrics by empowering administrators and leaders to pinpoint specific improvement areas and adjust security awareness campaigns accordingly. 

In an era of accelerated digital transformation, clear, granular analytics and reporting are integral to the success of a security awareness training program. Recent data demonstrates that data-driven organizations are three times as likely to report significant decision-making improvements.  

The Terranova Security Global Dashboard is a new module within the Security Awareness Platform. Dashboard widgets that provide granular visualization of training course data are currently available for all Security Awareness Platform administrators. Additional widgets will be added on an ongoing basis.   

For more information on the Terranova Security Global Dashboard release, visit the Terranova Security website. You can also download the new whitepaper exploring the value customizable cyber security reporting adds to an organization’s technological infrastructure, titled “The Power of Personalized Reporting in Security Awareness Training.” 

TELUS Announces A New Brand Promise: Let’s Make The Future Friendly

Posted in Commentary with tags on March 2, 2021 by itnerd

As the global leader in social capitalism, today TELUS is announcing the evolution of its brand promise, ‘let’s make the future friendly’. Over the last two decades, TELUS’ brand promise of ‘the future is friendly’ has helped Canadians embrace new technologies like 4G LTE, 5G, Fibre, IoT, virtual health and artificial intelligence. As we all continue to navigate a global health pandemic and experience significant social change, TELUS wants to work together with Canadians to continue to make a positive social impact. By placing an invitation at the heart of their new brand promise (let’s make the future friendly), they invite all Canadians to help create a friendlier future with them. Canadians will also see some exciting new changes to the brand’s iconic visual identity in advertising and communications. The lovable critters that Canadians have come to adore over the years will remain, but will appear more natural and authentic, allowing their charm and beauty to shine.

TELUS believes that their brand is a living embodiment of their values in action. For more than two decades, together with the support of their customers, team members and retirees in Canada and worldwide, TELUS has been driving social change and creating remarkable outcomes around the world for those who need it most.

As part of its bold, evolved brand promise, TELUS is launching a new campaign to articulate it. The campaign kicks off with a TV spot in English and French, inviting Canadians to join with TELUS to make the future friendly together, driving to Social Impact webpages for additional stories and content about the significant impact TELUS is making in communities globally. The campaign will also include radio, digital, and out-of-home advertising, as well as social media, PR, and influencer activations in the coming weeks and months that will showcase the many ways in which TELUS is helping to make the future friendly for all.

To learn more about how TELUS is helping to make the future friendly, visit telus.com/friendly.

Cisco Webex Announces Real-Time Translations

Posted in Commentary with tags on March 2, 2021 by itnerd

Today Cisco announced the availability (in preview beginning this month) of its real-time translation feature while also dramatically expanding the language library from 10+ to more than 100 languages, ranging from Armenian to Zulu. As part of the all new Webex, organizations can provide employees with inclusive and seamless collaboration experiences, which is essential to supporting the needs of a workforce that is more globally dispersed than ever before.

Users can create their own personalized Webex meeting experience  by quickly and easily self-selecting the language of their choice from the most commonly used languages, such as Arabic, Dutch, French, German, Japanese, Korean, Mandarin, Russian and Spanish, as well as more localized languages such as Danish, Hindi, Malay, Turkish and Vietnamese. The personalized language experience provides a path through one of the major hurdles in global business – the language barrier. Now users can engage more fully in meetings, translating from English to 100+ other languages, enabling teams to communicate more effectively with each other, and opening new opportunities for businesses to build a more inclusive, global workforce.

For businesses, there’s a talent and cost benefit. The feature enables businesses to focus on finding the best talent regardless of where they call home or their native language. And a recent report from Metrigy on intelligent virtual assistants found that nearly 24% of participants have meetings that include non-English native speakers and of these, more than half have been using third-party services to translate meetings into other languages (incurring an average cost of $172 per meeting). Integrating intelligent virtual meeting assistants with language translation capabilities significantly reduces or even eliminates this cost entirely.

The expanded Real-Time Translation feature will be available in Webex as a preview starting this month and will be orderable and generally available in May.

One thing that you should note is that not all dialects are included in translation.

The Tech Support Scammers Known As People Connect Inc. Are Back…. And This Time They Have Hit A New Low….

Posted in Commentary with tags on March 2, 2021 by itnerd

I’ve previously written about the scumbags known as People Connect Inc. in the past. For those of you who are new here, they’re an India-based group who perpetrate the tech support scam to extract money from their victims. I came across them a couple of years ago and have been keeping tabs on them ever since as their activities keep popping up in my inbox via people who are their victims. Quite frankly anyone associated with People Connect Inc. specifically, or anyone who does this sort of scam, is equal to cockroaches and should be treated as such. As in they need to be exterminated with extreme prejudice.

This is why I feel this way.

Yesterday I got an email from a victim of People Connect Inc. that started out with the words “I wish I read your blog before I foolishly paid these people to fix my computer.” That’s never a good sign. Long story short, this person handed over her credit card info to have these lowlifes “fix” her computer. Based on my previous experience with them, and as documented in my report above, they more likely created scenarios that looked like problems that they could “fix.” They then went away for a while and never charged the credit card. But they returned claiming that they wanted to “refund” whatever they supposedly charged to the credit card (which, according to the victim, was nothing; my guess is that this was to gain their confidence) to fix some new problems, and demanded this person’s banking details to do it. When this person refused, the scumbag from People Connect Inc. got extremely abusive and then locked this person’s computer. By that I mean that her user account on her Windows 10 PC didn’t have a password, so they added one. And they likely installed remote access software to allow them to do it, as I have seen People Connect Inc. do that in the past. Basically, what People Connect Inc. did is a low-tech way of holding them hostage to get their banking details so that they could empty their bank account.

What a bunch of scumbags.

This person has since cancelled her credit card and is considering buying a new computer to get up and running again. A bit extreme in my opinion, but I can understand their viewpoint given what has happened to them. This person does have a backup of their data, so at least they won’t lose everything. But how recent that backup happens to be is an open question.

Now the first thing that I will highlight is the fact that this person’s Windows 10 user account didn’t have a password. While I understand that many of you out there want to be able to flip on your computer and bang out that email, you should never, ever compromise your security or it may not end well for you. You should always add a password to the user account that you set up, and you should never set it up to auto login. That way if you come across dirtbags like these, they can’t change your password because they would have to know your password to do it. Which they won’t. You can look at a tutorial like this to walk you through how best to set a password.

PRO TIP: If you want to be secure, you should have an administrative account and a user account, both with administrative rights. That way if one account gets taken over, you can get back in and reset the password using the other account. And if you really want to be secure, you can set up the user account with fewer rights than the administrative account. It will be a pain to do anything like install software, but any miscreant who gets control of the account won’t be able to do much of anything.

Now let’s say that you have had the user account locked out by scumbags like these. You could try and unlock your account using a method like the ones described here. Or if you are more IT savvy, you could try using the Microsoft Diagnostics And Recovery Toolset to unlock the account. But given the fact that dirtbags like these could have done anything, it may be better to have someone pop out the hard drive, recover your data, then reset the Windows OS back to the way it came out of the box, then reinstall your apps and restore your data (bonus points if you scan it for malware prior to doing that) so that you have no worries going forward.

But the best way to avoid all of this is to not be a victim in the first place. The big hint that this is a scam is that the scammers will likely be pretending they are calling from Microsoft or from “Windows,” “Windows Tech Support,” “Windows Service Center,” or even your ISP.

Fact: A legitimate company such as Microsoft, Apple, or Google would never call you in this manner. The exception might be your ISP. There’s a minute possibility that your ISP would call you if your computer has been infected with malware that could be sending out something from your computer. If a caller claims to be from your ISP, ask for the caller’s name, where his or her office is located, and for the office telephone number. Ask why you’re being contacted by telephone, what the issue with your computer is and how the ISP could tell it was your PC specifically that had a problem. If a call sounds legit, hang up and call the ISP yourself, then ask for the tech support department or for the person who called you specifically. Use a phone number listed on your ISP’s website or on your bill, not a number that the caller gave you. That way, you could confirm or deny if this is legit.

Now, if you get a call from a scammer like this, the best way to deal with them is to hang up. If you do that, then you will be safe. Period. End of sentence. But what happens if you fall for the scam? You need to act fast. First, shut down the computer. Then do this:

  1. First download and install legitimate antivirus software. Then, run a scan to see if anything has been left behind. Then change the passwords on the user accounts on your PC. You don’t have passwords on the user accounts? You should precisely for this reason. If you don’t feel comfortable doing any of these items, call an IT expert for help.
  2. If you gave the scammer your credit card number, then you really need to act fast. Call your credit card provider and either reverse the charges or cancel the card (my client did the latter).  Then you should also contact one of the three credit-reporting agencies. Namely Equifax, Experian or TransUnion and ask them to place a free 90-day credit alert on your file. For the record, Experian doesn’t operate in Canada but the other two do. The agency you contact will alert the others and you’ll be notified if someone tries to do something in your name.
  3. Report it. Microsoft has a Web page dedicated to reporting tech-support scams. The U.S. Federal Trade Commission has a website for fielding complaints, while the Canadian Anti-Fraud Center is the place to go if you’re in Canada.

There are lots of these tech support scams out there. But People Connect Inc. are the ones that I hear about the most. Clearly they put a lot more time and effort into stealing money from innocent victims than most other scammers of this type. I will continue to expose the activities of People Connect Inc. as well as any other low life dirtbags like these so that the public knows about these people and their illegal activities. And when the public knows about scumbags like People Connect Inc. the scam is way less effective which means that people can worry about one less thing to make their lives difficult.

UPDATE: The user was able to unlock her Windows account using the tips that I provided.

Google Voice Outage Caused By Expired Certificates…. REALLY?

Posted in Commentary with tags on March 1, 2021 by itnerd

Back in mid-February, Google Voice went down for about four hours. That left users unable to log in and use their Google Voice accounts. That’s a problem if you rely on Google Voice. And a lot of people and companies do, given the times that we live in. Well, Google has released an incident report [Warning: PDF] and it is eyebrow-raising. The outage was caused by expired TLS certificates:

Google Voice uses the Session Initiation Protocol (SIP) to control voice calls over Internet Protocol. During normal operation, Google Voice client devices aim to maintain continuous SIP connection to Google Voice services. When a connection breaks, the client immediately attempts to restore connectivity. All Google Voice SIP traffic is encrypted using Transport Layer Security (TLS). The TLS certificates and certificate configurations used by Google Voice frontend systems are rotated regularly.

Due to an issue with updating certificate configurations, the active certificate in Google Voice frontend systems inadvertently expired at 2021-02-15 23:51:00, triggering the issue. During the impact period, any clients attempting to establish or reestablish an SIP connection were unable to do so. These clients were unable to initiate or receive VoIP calls during the impact period. Client devices with an SIP connection that was established before the incident and not interrupted during the incident were unaffected.

And this is what they are going to do to stop this from happening again:

To guard against the issue recurring and to reduce the impact of similar events, we are taking the following actions:

  • Configure additional proactive alerting for upcoming certificate expiration events.
  • Configure additional reactive alerting for TLS errors in Google Voice frontend systems.
  • Improve automated tooling for certificate rotation and configuration updates.
  • Utilize more flexible infrastructure for rapid deployment of configuration changes.
  • Update resource allocation systems to more efficiently provision emergency resources during incidents.
  • Develop training and practice scenarios for emergency rollouts of Google Voice frontend systems and configurations.

Now I expect a small or medium company to have issues keeping track of when certificates that power their infrastructure expire. But for a company the size of Google to have this issue is mind blowing.

Chris Hickman, chief security officer at Keyfactor (www.keyfactor.com), a provider of cloud-first PKI as-a-Service and crypto-agility solutions, has this to say:

“An outage happens when expired certificates fail to authenticate or establish secure communication tunnels. A certificate expiration on its own is not necessarily a security response incident but is disruptive and can lead to outages like that experienced by Google Voice customers. Certificate expiration is an important mechanism to make sure certificates are still being issued to a valid system, similarly to why a driver’s license or passport needs to be renewed periodically. It offers a check and balance system, in the form of workflow and approvals, to maintain legitimacy and authorization. Changes implemented last year by the CA/B forum reduced the lifetime of an SSL/TLS certificate to 398 days and therefore has compounded the issue of keeping up with expiring certificates.

Recent research found that 73% of enterprise respondents experienced unplanned downtime and outages due to mismanaged digital certificates. More than half of those organizations said they experienced four or more certificate-related outages in the past two years. Service outages due to expired certificates are fairly common – and avoidable. Whether you’re a large enterprise or a small business, certificates expire. The key is maintaining visibility to every certificate on the network to stay ahead of expirations and renewals or better yet, using automation to ensure certificates are renewed prior to expiration without the need for human intervention.

These steps can help IT teams avoid similar outages and potential disruptions: 

  • Conduct an audit to understand how many digital certificates the organization has.
  • Build an inventory to identify where certificates live and what they’re used for. 
  • Document the hash algorithm they use and their overall health. 
  • Flag certificate expiration dates. 
  • Assign or note who owns every certificate.
  • Map the methods used to protect valuable code-signing certificates. 
  • Ensure a centralized method is used to securely update every certificate.”

Maybe Google should reach out to Keyfactor as clearly this is a weak point for them.
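
The inventory-and-flag steps in the list above, and the proactive expiry alerting in Google's action items, can be exercised with the Python standard library alone. The following is an added example, not code from this post, Google or Keyfactor; the inventory records, host names, owners and the 30-day warning window are constructed assumptions.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Maximum TLS certificate lifetime quoted in the post (CA/B Forum, 398 days).
MAX_LIFETIME = timedelta(days=398)

# Constructed inventory for illustration. Dates use the notBefore/notAfter
# string format that Python's ssl.SSLSocket.getpeercert() returns. Host names
# and owners are made up; the first expiry echoes the time given in the
# incident report, with GMT assumed.
INVENTORY = [
    {"name": "www.example", "owner": "web-team",
     "not_before": "Jan 15 00:00:00 2021 GMT",
     "not_after": "Jan 15 00:00:00 2022 GMT"},
    {"name": "voice-frontend.example", "owner": "voip-team",
     "not_before": "Feb 10 00:00:00 2020 GMT",
     "not_after": "Feb 15 23:51:00 2021 GMT"},
    {"name": "legacy.example", "owner": "infra-team",
     "not_before": "Oct 12 00:00:00 2020 GMT",
     "not_after": "Dec 31 00:00:00 2021 GMT"},
    {"name": "api.example", "owner": "",
     "not_before": "Jan 11 00:00:00 2021 GMT",
     "not_after": "Mar 10 12:00:00 2021 GMT"},
]


def parse_cert_time(value):
    """Convert a getpeercert()-style timestamp to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def audit(inventory, now, warn_days=30):
    """Return one finding per certificate, soonest expiry first."""
    findings = []
    for cert in inventory:
        not_before = parse_cert_time(cert["not_before"])
        not_after = parse_cert_time(cert["not_after"])
        remaining = not_after - now
        issues = []
        if remaining <= timedelta(0):
            issues.append("EXPIRED")
        elif remaining <= timedelta(days=warn_days):
            issues.append("EXPIRING_SOON")
        # Validity period longer than the 398-day limit mentioned in the post.
        if not_after - not_before > MAX_LIFETIME:
            issues.append("LIFETIME_OVER_398_DAYS")
        # Every certificate should have a named owner to receive the alert.
        if not cert.get("owner"):
            issues.append("NO_OWNER")
        findings.append({
            "name": cert["name"],
            "owner": cert.get("owner") or None,
            "not_after": not_after,
            "days_left": remaining // timedelta(days=1),  # floor; negative once expired
            "issues": issues,
        })
    return sorted(findings, key=lambda f: f["not_after"])


def alerts(findings):
    """Format only the findings that need someone's attention."""
    return [
        f"{f['name']} (owner: {f['owner'] or 'unassigned'}): "
        f"{', '.join(f['issues'])}; notAfter {f['not_after']:%Y-%m-%d %H:%M} UTC"
        for f in findings if f["issues"]
    ]


if __name__ == "__main__":
    for line in alerts(audit(INVENTORY, datetime.now(timezone.utc))):
        print(line)
```

Run on a schedule, a non-empty result from alerts() is what would reach the owning team before the notAfter date rather than after it.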

Kitchener Launches New Website & Customizable MyKitchener Portal

Posted in Commentary with tags on March 1, 2021 by itnerd

Today, the City of Kitchener launches its comprehensive new online experience for Kitchener residents, including a completely transformed website and new, cutting-edge online customer service portal called MyKitchener. The seamless integration between the new website, portal and City services reimagines how municipalities offer services online.

The MyKitchener portal is a home screen for every Kitchener resident, offering a personalized experience through a customizable collection of widgets – each with a modern design that scales to any size of device. These widgets let residents build a home screen with the information that matters to them – neighbourhood events, service notifications, opportunities to get more involved in the community. It’s a tool that becomes something unique for every family in Kitchener. With a secure MyKitchener account, residents can:

  • Customize their dashboard with content that is most important to the user
  • Receive notifications when new information is available on the portal, including snow events, skating and swimming events, road closures and more
  • View information about multiple properties in one place
  • View and pay property tax and utility bills
  • View road closures near their address
  • View upcoming swim times at their local pool
  • Find a time to skate at their local arena
  • View news and upcoming events
  • Watch a council meeting and download meeting minutes and agendas

The MyKitchener portal is the product of extensive public consultation with the local community. During the 2018 Customer Service Review, residents said they wanted to see more city services online and that they’d prefer to access and use them in a single place.

The City has also redeveloped its online presence from the ground up, incorporating best-in-class web design practices to give Kitchener residents the information they’re looking for right away. The MyKitchener experience includes a new website with plain language content. By lowering the reading level of the website from college to grade seven, the City is making their website more accessible and easier to understand. Content on the website is structured so that voice assistants like Siri, Alexa and Google can use website content to answer popular resident questions. The City hopes that their new website and MyKitchener portal will empower residents to self-serve on their schedule. 


The Digital Kitchener Lab at Communitech played a key role in supporting the design and user experience of MyKitchener. In the early days of the project, the Digital Kitchener lab hosted its first design sprint to explore ideas like voice to text search navigation, which is a new feature included in the website redesign based on user feedback. The design sprint offered a unique opportunity to prototype early concepts with residents before developing a full solution.

The website and MyKitchener portal are live, continuously evolving resources that will incorporate resident feedback, adapt to new programs and incorporate new features over time. The City is asking residents to participate in the ongoing development of the site and portal by registering an account and providing their feedback directly on the website or through the share feedback button inside the portal.

Residents can find the new website at www.kitchener.ca and create a MyKitchener account on the website or at mykitchener.kitchener.ca

TikTok Agrees To Settle 21 US Federal Lawsuits Related To Privacy

Posted in Commentary with tags on February 26, 2021 by itnerd

TikTok has agreed to settle 21 separate US federal lawsuits related to privacy. The lawsuits accused the company of “theft of private and personally identifiable data,” some of it from children as young as six years old. But before you say that this is a win for the little guy, it isn’t. NPR reports that the agreed amount of compensation for the privacy breaches is $92M, working out at a little over one dollar per user before legal costs. #Fail:

TikTok has agreed to pay $92 million to settle dozens of lawsuits alleging that the popular video-sharing app harvested personal data from users, including information using facial recognition technology, without consent and shared the data with third-parties, some of which were based in China.

The proposed settlement, which lawyers in the case have called among the largest privacy-related payouts in history, applies to 89 million TikTok users in the U.S. whose personal data was allegedly tracked and sold to advertisers in violation of state and federal law. 

“First, it provides compensation for TikTok users, but equally as important, it ensures TikTok will respect its users’ privacy going forward,” Katrina Carroll, one of the lawyers for TikTok users, said. “Social media seems so innocuous, but troubling data collection, storage, and disclosure can happen behind the scenes.”

The settlement is the result of 21 federal lawsuits filed mostly on behalf of minors — some as young as 6 years old — that claimed the company engaged in the “theft of private and personally identifiable TikTok user data.”

TikTok for its part released a statement that really doesn’t require me to say much of anything:

“Rather than go through lengthy litigation, we’d like to focus our efforts on building a safe and joyful experience for the TikTok community,” the spokesperson said.

I’ll say something anyway. That statement reads like “let’s pay as little as we can to sweep this under the rug and pretend that this never happened”. But maybe that’s the cynic in me making an appearance. One good thing to this settlement, TikTok has to alter its behavior:

Under the proposed terms of the settlement, TikTok will no longer record a user’s biometric information, including facial characteristics, nor track a user’s location using GPS data. TikTok also committed to stop sending U.S. users data overseas and the app said it would no longer collect data on draft videos before the content is published.

This still has to be approved by a judge, but while I am not a lawyer, I expect that to happen without drama. The fact is that TikTok settled this for pennies. The reality is that they really needed to be punished for their actions far more severely because you shouldn’t be allowed to take users’ data and do whatever you want with it. In short, TikTok got away with this.