Archive for Privacy

Apple, Google, Microsoft To World: We Don’t Scan Email Like Yahoo Does

Posted in Commentary with tags , , , on October 5, 2016 by itnerd

Yesterday, when I posted this story on Yahoo’s massive e-mail scanning program, I wondered how many other companies did the same thing. Well, Apple, Google and Microsoft have now gone on record to day that they don’t. Mostly. Let’s start with Google via a story from Vocativ:

We’ve never received such a request, but if we did, our response would be simple: ‘no way’

Microsoft in the same story said this:

We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo.

Apple really didn’t have much to say, other than to have you refer to CEO Tim Cook’s official letter on consumer privacy which says this in part:

I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will.

Other companies such has Facebook and Twitter said similar things. Now that sounds all warm and fuzzy on the surface. But I want to point this out to you. We don’t know if these companies have ever been approached to do something like this. That would add a lot of colour to this story. I wonder if these companies will come clean at some point.



Should You Be Compelled To Give Up Your Smartphone Password?

Posted in Commentary with tags , on August 18, 2016 by itnerd

This is a question that Canadians will now have to wrestle with as two things have happened to bring this issue to light. First was the fact that a man who had refused to serve up his smartphone password to Canadian Border officials was fined $500 after pleading guilty this week. The second is the fact that Canadian Chiefs Of Police want the Canadian Government to give them the right to compel smartphone owners to serve up their passwords as current laws on the books don’t give them that right.

Thus this question is a top of mind one. Now on one hand, I do not want anything getting in the way of law enforcement catching the bad guys. Thus I can understand why compelling smartphone users to hand over passwords makes sense. Having said that, I also think there have to be limits on this to stop anything that could be considered unreasonable search and seizure. For example, there would have to be judicial oversight to ensure that that doesn’t happen. Plus there are those who would argue that the privacy of the individual trumps all of this.

This is a complex issue and I’d be interested to hear what your thoughts are on this. Please leave a comment below to share your thoughts on this topic.

Tech Companies Thumb Noses At FBI By Increasing Encryption

Posted in Commentary with tags on March 15, 2016 by itnerd

It seems that the battle between the FBI and Apple has made some tech companies rethink how much encryption they use in their products. I say that because The Guardian is reporting that the following is happening:

  • Facebook owned WhatsApp will be expanding encryption to its voice calls and group messaging within the next few weeks.
  • Snapchat is also working on a secure messaging system.
  • Google is exploring how to take advantage from the the technology behind its encrypted email project.

I’m sure that people at the FBI aren’t thrilled by this at all. One wonders what the response from the FBI will be? As in, will we see these companies in court just like Apple is at present? Stay tuned!

Vizio Smart TVs Watch You While You Watch Them….. And They Then Send That Info To Third Parties

Posted in Commentary with tags on November 15, 2015 by itnerd

This is another example of why I will never have a smart TV in my condo. If you have a Vizio Smart TV in your house, it has been revealed that there’s a feature called “Smart Interactivity” that watches what you’re watching and offers that information to advertisers. Here’s what’s really bad about this feature:

The tracking — which Vizio calls “Smart Interactivity” — is turned on by default for the more than 10 million Smart TVs that the company has sold. Customers who want to escape it have to opt-out.

Having to opt out of something is the wrong way for features like this to work as the company behind the feature is hoping that you won’t do that either because you won’t notice or you forget to do so. They should always be opt in as that gives you control and a whole lot more trust between the user and the company.

Vizio had this to say:

In a statement, Vizio said customers’ “non-personal identifiable information may be shared with select partners … to permit these companies to make, for example, better-informed decisions regarding content production, programming and advertising.”

It’s still a bit of a privacy violation, no matter how you spin it. Now this isn’t the first time that companies that make smart TVs have been caught doing something like this. Samsung and LG have been caught doing this sort of thing as well. Thus until these companies and other companies who make smart TVs get a clue about the fact that privacy is paramount, you’ll never see me own one.

Facebook Wants To Troll Your Camera To Find Your Friends….. Holy Lack Of Privacy!

Posted in Commentary with tags , on November 10, 2015 by itnerd

I’m not on Facebook. Why? Because when you’re on Facebook, you’re the product as it mines virtually everything that you do so that it can sell that data to whomever wants it. I don’t like to be the product. This is being reinforced by the fact that Facebook is testing a feature in its Android app that will scan a user’s recent images for photos that look like their friends. If it spots a match, it’ll ask if the photos should be shared with other people in them. This little tidbit popped up in, to nobody’s surprise, a Facebook post from David Marcus who is the VP of Messaging Products for Facebook that linked to a Tech Crunch article. For whatever reason, Australian users get this feature first, then iOS users will join their Android brothers in having this feature by the end of the week. At that point, assuming that some really wicked backlash over this really intrusive feature doesn’t take place, the US and then the rest of the planet will get this feature. Sure they will have the obligatory opt-out feature. But I’ve always argued that features should be opt-in as that gives you choice and control.

I’m glad I’m not on Facebook.

Apps On Apple App Store Found To Be Harvesting User Data

Posted in Commentary with tags , on October 20, 2015 by itnerd

One of the advantages of using the Apple App Store over any other app store is that Apple is supposed to tightly control everything so that users don’t have the sort of security issues that are often found on Android competing platforms. That theory was shot out of the sky when it was found that 250 or so apps had APIs that harvested user data:

We found four main groups of private APIs these apps are calling:

  1. Enumerate the list of installed apps or get the frontmost app name
  2. Get the platform serial number
  3. Enumerate devices and get serial numbers of peripherals
  4. Get the user’s AppleID (email)

Since we also identify SDKs by their binary signatures, we noticed that these functions were all part of a common codebase, the Youmi advertising SDK from China.

Lovely. Apple was quick to respond to this:

“We’ve identified a group of apps that are using a third-party advertising SDK, developed by Youmi, a mobile advertising provider, that uses private APIs to gather private information, such as user email addresses and device identifiers, and route data to its company server. This is a violation of our security and privacy guidelines. The apps using Youmi’s SDK will be removed from the App Store and any new apps submitted to the App Store using this SDK will be rejected. We are working closely with developers to help them get updated versions of their apps that are safe for customers and in compliance with our guidelines back in the App Store quickly.”

That’s great, but they should not have made it onto the App Store in the first place. Apple really needs to look at their processes to stop something like this from happening again.

As for Youmi who is the group behind these APIs, they had this to say:

The advertising company, closely held Guangzhou Youmi Mobile Technology Co., said in a statement posted Tuesday on its website that it offered “sincere apologies” after Apple said it had removed offerings from the App Store that were found to be collecting and extracting email addresses, device identification and other private information.

You’ll excuse me if I don’t exactly feel warm and fuzzy after that apology.

One has to wonder how many more apps on the App Store have something like this embedded in them? Or worse?

Airline Boarding Passes Contain A Ton Of Info About YOU

Posted in Commentary with tags on October 7, 2015 by itnerd

Here’s a lawsuit that’s waiting to happen.

Security expert Brian Krebs explained yesterday that by using an easily available online barcode reader to scan an airplane boarding pass, attackers can retrieve a person’s name, frequent flyer number, and record locator (which is information needed to access an individual’s account and details of past and upcoming flights), phone numbers, and billing information, along other items. I would strongly suggest that you read his article, and perhaps shred that boarding pass after you complete your flight. These days, you can’t be too careful.