Privacy | The IT Nerd

Archive for Privacy

Apple Stops Siri Listening Program While Google Told By Germans To Stop Their Listening Program

Posted in Commentary with tags Privacy on August 2, 2019 by itnerd

According to a new report from TechCrunch, Apple is putting a worldwide stop to a Siri audio grading program that made the news recently. Now I’ve written that the program isn’t unusual, and users agreed to that if they use Siri, and they told users about it. But I guess the blowback was too much for Apple to ignore. Thus they took this action and they will let users opt out of the program when it returns….. Whenever that is.

But what’s interesting about this development is that Google has had German regulators halt their version of this program. This suspension will last three months while the Germans have some fun with Google.

So that leaves Amazon being the odd people out when it comes to this topic. You have to wonder if they will proactively do something like Apple has done, or wait for someone to tell them to stop as is the case with Google.

Politicians Call For FaceApp To Be Investigated Citing National Security Concerns

Posted in Commentary with tags FaceApp, Privacy on July 18, 2019 by itnerd

NBC is reporting that Senator Minority Leader Chuck Schumer has called for the FBI and FTC to investigate FaceApp, Not a shock given the privacy concerns that this app has generated over the last few days. That concern about national security is driven by the fact that the company at least in part is based in Russia. And anything Russian right now is bad. And thus must be investigated.

But there is more. CNN is reporting that the DNC has warned presidential candidates and campaign officials not to use the app. Clearly they think the app is bad. And I don’t blame them as I’ve been recommending that nobody use this app given the privacy concerns surrounding it.

I suspect that FaceApp is starting to wish that it were not such a viral success right now.

The Privacy Concerns Around FaceApp Are Not Going Away

Posted in Commentary with tags FaceApp, Privacy on July 17, 2019 by itnerd

Earlier today, I posted a story on FaceApp and the fact that it has significant privacy concerns. And I recommended that you should avoid it.

I am now doubling down on that recommendation. Here’s why. Developer Joshua Nozzi posted this on Twitter today.

BE CAREFUL WITH FACEAPP – the face aging fad app. It immediately uploads your photos without asking, whether you chose one or not. https://t.co/LlqkDpy4ZO

— Joshua Nozzi 🇺🇸👨🏻‍💻 ⚣ (@JoshuaNozzi) July 16, 2019

So this app grabs all your photos without your permission? This is mind blowing. But wait, that might be incorrect:

There is few calls to their backends:
– Get hosts
– Get demo data
– Register your device

4/n pic.twitter.com/fW6K2yqpRr

— Elliot Alderson (@fs0c131y) July 16, 2019

I encourage you to click on the tweet above to get the full picture of what this person is saying. But in short, FaceApp does not upload all your pictures. Or at least, it doesn’t appear to. But… It does use Facebook Accountkit for seamless login purposes. As it you can use your Facebook account to log in. Which doesn’t inspire confidence. Nevertheless, the fact that it isn’t clear what this app is doing or not doing is cause for concern.

The company clearly is feeling the heat because they responded to this crisis via TechCrunch today. I encourage you to read the full statement as it isn’t the most robust one that I have seen and leaves them with a bit of wiggle room. Plus they admit to having a R&D team in Russia, but no info is sent there. That’s something I find difficult to believe.

I’ll go back to what I said earlier today. Avoid FaceApp. Don’t use it. Don’t install it. Don’t go near it. Because given today’s events, it isn’t clear what this app is all about and if you are safe to use it.

1 Comment »

Avoid FaceApp If You Want To Keep The Rights To Your Photos

Posted in Commentary with tags FaceApp, Privacy on July 17, 2019 by itnerd

There’s a new app that is making waves called FaceApp. It’s available for iOS and Android, and it uses neural network technology to automatically generate highly realistic transformations of faces in photographs.The app can transform a face to make it smile, look younger, look older, or even change gender. Now it’s been around for a while, but has gone viral recently due to the addition of some new filters. But I would say don’t use it. Don’t go near it. Avoid it like it has the plague.

Why? Well, according to the Terms of Service laid out by FaceApp, users own all their own content. But when you dig deeper, they don’t own their own content. Here’s a link to their Terms Of Service where you will find this under section 5:

Our Services may allow you and other users to create, post, store and share content, including messages, text, photos, videos, software and other materials (collectively, “User Content”). User Content does not include user-generated filters. Except for the license you grant below, you retain all rights in and to your User Content, as between you and FaceApp. Further, FaceApp does not claim ownership of any User Content that you post on or through the Services.

You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.

You grant FaceApp consent to use the User Content, regardless of whether it includes an individual’s name, likeness, voice or persona, sufficient to indicate the individual’s identity. By using the Services, you agree that the User Content may be used for commercial purposes. You further acknowledge that FaceApp’s use of the User Content for commercial purposes will not result in any injury to you or to any person you authorized to act on its behalf. You acknowledge that some of the Services are supported by advertising revenue and may display advertisements and promotions, and you hereby agree that FaceApp may place such advertising and promotions on the Services or on, about, or in conjunction with your User Content. The manner, mode and extent of such advertising and promotions are subject to change without specific notice to you. You acknowledge that we may not always identify paid services, sponsored content, or commercial communications as such.

You represent and warrant that: (i) you own the User Content modified by you on or through the Services or otherwise have the right to grant the rights and licenses set forth in these Terms; (ii) you agree to pay for all royalties, fees, and any other monies owed by reason of User Content you stylize on or through the Services; and (iii) you have the legal right and capacity to enter into these Terms in your jurisdiction.

You may not create, post, store or share any User Content that violates these Terms or for which you do not have all the rights necessary to grant us the license described above. Although we have no obligation to screen, edit or monitor User Content, we may delete or remove User Content at any time and for any reason.

User Content removed from the Services may continue to be stored by FaceApp, including, without limitation, in order to comply with certain legal obligations. FaceApp is not a backup service and you agree that you will not rely on the Services for the purposes of User Content backup or storage. FaceApp will not be liable to you for any modification, suspension, or discontinuation of the Services, or the loss of any User Content.

So in short, if you make something in FaceApp, FaceApp can do whatever it wants with what you’ve made. And they don’t have to pay you for it even if they make money off of it. And they can keep the images for as long as they want. And even if you delete them off the service.

#EpicFail

This is incredibly concerning due to the fact that this company wants to do whatever it wants with your content which 1000% wrong. If the bad press that this company is getting doesn’t convince them to change course on this, then perhaps they need to pulled in front of lawmakers to explain themselves as this is unacceptable. Until that happens, I would strongly suggest that you avoid this app.

2 Comments »

Office365, Google Docs, And iWork Verboten From Some German Schools

Posted in Commentary with tags Apple, Germany, Google, Microsoft, Privacy on July 15, 2019 by itnerd

Privacy regulators in Germany have ruled out the use of Office 365, Google Docs or Apple’s iWork suite citing privacy concerns over the way these cloud services work. TNW reports the following:

Microsoft’s cloud services has run into a fresh roadblock in Germany, after the state of Hesse ruled it is illegal for its schools to use Office 365 citing “privacy concerns.”

The Hesse Commissioner for Data Protection and Freedom of Information (HBDI) ruled that using the popular cloud platform’s standard configuration exposes personal information about students and teachers “to potential access by US authorities.”

And:

The use of cloud applications by schools is generally not a data protection problem. Many schools in Hesse are already using cloud solutions. Whether, for example, the learning platform or the electronic class book: Schools can use digital applications in compliance with data protection, as far as the security of the data processing and the participation of the pupils is guaranteed.

The core issue is that telemetry data is sent out of Germany to the US, and this can include personal data.

This information can include anything from regular software diagnostic data to user content from Office applications, such as email subject lines and sentences from documents where the company’s translation or spellchecker tools were used.

Collection of such information is a violation of GDPR laws that came into effect last May.

And what makes the situation worse is that switching away from Microsoft to a Google or Apple solution is not possible:

What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensibly described. Therefore, it is also true that for schools the privacy-compliant use [of these alternatives] is currently not possible.

Thus schools have to run local copies of these apps and store data locally. Although the ruling has so far been made by only one state in Germany, it seems likely that the same issue would apply across the country. That means that Microsoft, Google and Apple will have to address this quickly to avoid a blanket ban across Germany.

#PSA: Your Devices Can Be Searched And Seized By CBSA Without A Warrant

Posted in Commentary with tags Canada, Privacy on May 6, 2019 by itnerd

I’ve written about the fact that CBSA or the Canada Border Services Agency can search and seize electronic devices such as cell phones and laptops. Often without a warrant or even a reason. This was highlighted when this CBC News story came to light where a lawyer returning to Canada from South America had his laptop and phone seized because he wouldn’t hand over the password so that they could troll them for reason unknown.

I’m not going to debate whether this is right or not. Though I will say that perhaps it would be wise for these laws need to be reviewed. but what can you do to protect yourself from this. I’d take the advice that I gave in this article that I wrote about crossing the US border with your devices. The fact is that CBSA can search of your devices for no reason whatsoever. That means that you need to protect yourself and your data from loss. The fact is that while you can replace your phone/computer, as well as complain about this, you can’t replace your data.

Popular iPhone Apps Secretly Record Your Screen for Analytics Purposes….. With No Way To Detect That It Is Happening

Posted in Commentary with tags Apple, Privacy on February 7, 2019 by itnerd

A rather scary report from TechCrunch details that popular iPhone apps may be secretly recording your screen for analytics purposes. As in they captures detailed data like taps, swipes, and even screen recordings without your knowledge. These apps use an API (application programming interface) called Glassbox to do this and details on what they do can be found here. Apps that are known to do this include:

Abercrombie & Fitch
Hotels.com
Air Canada
Hollister
Expedia
Singapore Airlines

So if you have any of those apps on your phone, I’d be wondering if they should stay on your phone. That’s because in the case of the Air Canada app, it doesn’t properly mask data that’s recorded. Which means it is exposing information like passport numbers and credit card information. Which makes this a good time to point out that Air Canada was recently pwned by hackers with their app being the source of the pwnage of passport data among other types of data. So clearly the fact that a company could record your screen secretly has huge ramifications.

What makes this worse is that all of the apps have a privacy policy, but not one makes it clear that they’re recording a user’s screen. Not only that, iOS doesn’t alert you that this is going on with a dialog box that states an app wants control of the screen. Which means if this had not hit the news, nobody would ever know this was going on. But now that this is out there, you can expect a lot of people to start asking questions. And that will likely include Apple as I am going to go out on a limb and say that they’re going to look at what Glassbox does and come up with counter measures to it. In the meantime, these guys aren’t the only ones doing this:

Glassbox is one of many session replay services on the market. Appsee actively markets its “user recording” technology that lets developers “see your app through your user’s eyes,” while UXCam says it lets developers “watch recordings of your users’ sessions, including all their gestures and triggered events.” Most went under the radar until Mixpanel sparked anger for mistakenly harvesting passwords after masking safeguards failed.

It’s not an industry that’s likely to go away any time soon — companies rely on this kind of session replay data to understand why things break, which can be costly in high-revenue situations.

Thus, consider yourself warned. And hopefully someone comes up with a way to identify apps that use this tech so that I can punt them off my phone forever.

UPDATE: Here’s a video that shows what the Air Canada app records: