Archive for Privacy

BREAKING: Ontario Science Center Has Had A Data Breach

Posted in Commentary on October 28, 2019 by itnerd

Thanks to a tip from a reader of this blog, it has come to my attention that the Ontario Science Center has apparently had a data breach according to this. What is weird about that statement is that it isn’t posted to the Ontario Science Center website. The reader in question got it in an email. Thus I suspect that the broader public doesn’t know as a quick browse of their website indicates that they haven’t posted anything in the public realm about this.

Anyway, here are the key details:

On August 16, 2019, the Ontario Science Centre received notification from Campaigner that someone made a copy of the Science Centre’s subscriber emails and names without authorization. No other personal identification, financial information or passwords were accessed.

An investigation conducted by Campaigner revealed that the credentials of a former employee were used from July 23 to August 7 to access and download the information contained in the Science Centre’s client account. Upon learning of the breach, Campaigner immediately discontinued use of the credentials and implemented further measures to prevent a similar issue happening in the future. Campaigner also notified law enforcement and are assisting the authorities in finding the perpetrator.

So what that says right off the top is that the Ontario Science Center would have had no clue about this had Campaigner not pointed it out. That’s not how things should work, kids. In any case, the statement has all the usual things that companies say when they’ve been pwned in some way. Including the fact that the Information and Privacy Commissioner of Ontario has been contacted.

Yes, I am becoming a bit jaded because this sort of thing happens way too often.

It will be interesting to see if the Ontario Science Center will make a public disclosure beyond what they have already done. I’m keeping an eye out to see what happens next.

UPDATE: CBC News is now reporting on this. I don’t see any other media reports thus far.


Apple Stops Siri Listening Program While Google Told By Germans To Stop Their Listening Program

Posted in Commentary on August 2, 2019 by itnerd

According to a new report from TechCrunch, Apple is putting a worldwide stop to a Siri audio grading program that made the news recently. Now I’ve written that the program isn’t unusual, and users agreed to that if they use Siri, and they told users about it. But I guess the blowback was too much for Apple to ignore. Thus they took this action and they will let users opt out of the program when it returns... whenever that is.

But what’s interesting about this development is that Google has had German regulators halt their version of this program. This suspension will last three months while the Germans have some fun with Google.

So that leaves Amazon being the odd people out when it comes to this topic. You have to wonder if they will proactively do something like Apple has done, or wait for someone to tell them to stop as is the case with Google.


Politicians Call For FaceApp To Be Investigated Citing National Security Concerns

Posted in Commentary on July 18, 2019 by itnerd

NBC is reporting that Senate Minority Leader Chuck Schumer has called for the FBI and FTC to investigate FaceApp. Not a shock given the privacy concerns that this app has generated over the last few days. That concern about national security is driven by the fact that the company at least in part is based in Russia. And anything Russian right now is bad. And thus must be investigated.

But there is more. CNN is reporting that the DNC has warned presidential candidates and campaign officials not to use the app. Clearly they think the app is bad. And I don’t blame them as I’ve been recommending that nobody use this app given the privacy concerns surrounding it.

I suspect that FaceApp is starting to wish that it were not such a viral success right now.

The Privacy Concerns Around FaceApp Are Not Going Away

Posted in Commentary on July 17, 2019 by itnerd

Earlier today, I posted a story on FaceApp and the fact that it has significant privacy concerns. And I recommended that you should avoid it.

I am now doubling down on that recommendation. Here’s why. Developer Joshua Nozzi posted this on Twitter today.

So this app grabs all your photos without your permission? This is mind blowing. But wait, that might be incorrect:

I encourage you to click on the tweet above to get the full picture of what this person is saying. But in short, FaceApp does not upload all your pictures. Or at least, it doesn’t appear to. But… It does use Facebook Accountkit for seamless login purposes. As in, you can use your Facebook account to log in. Which doesn’t inspire confidence. Nevertheless, the fact that it isn’t clear what this app is doing or not doing is cause for concern.

The company clearly is feeling the heat because they responded to this crisis via TechCrunch today. I encourage you to read the full statement as it isn’t the most robust one that I have seen and leaves them with a bit of wiggle room. Plus they admit to having an R&D team in Russia, but no info is sent there. That’s something I find difficult to believe.

I’ll go back to what I said earlier today. Avoid FaceApp. Don’t use it. Don’t install it. Don’t go near it. Because given today’s events, it isn’t clear what this app is all about and if you are safe to use it.

Avoid FaceApp If You Want To Keep The Rights To Your Photos

Posted in Commentary on July 17, 2019 by itnerd

There’s a new app that is making waves called FaceApp. It’s available for iOS and Android, and it uses neural network technology to automatically generate highly realistic transformations of faces in photographs. The app can transform a face to make it smile, look younger, look older, or even change gender. Now it’s been around for a while, but has gone viral recently due to the addition of some new filters. But I would say don’t use it. Don’t go near it. Avoid it like it has the plague.

Why? Well, according to the Terms of Service laid out by FaceApp, users own all their own content. But when you dig deeper, they don’t own their own content. Here’s a link to their Terms Of Service where you will find this under section 5:

Our Services may allow you and other users to create, post, store and share content, including messages, text, photos, videos, software and other materials (collectively, “User Content”). User Content does not include user-generated filters. Except for the license you grant below, you retain all rights in and to your User Content, as between you and FaceApp. Further, FaceApp does not claim ownership of any User Content that you post on or through the Services.

You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.

You grant FaceApp consent to use the User Content, regardless of whether it includes an individual’s name, likeness, voice or persona, sufficient to indicate the individual’s identity. By using the Services, you agree that the User Content may be used for commercial purposes. You further acknowledge that FaceApp’s use of the User Content for commercial purposes will not result in any injury to you or to any person you authorized to act on its behalf. You acknowledge that some of the Services are supported by advertising revenue and may display advertisements and promotions, and you hereby agree that FaceApp may place such advertising and promotions on the Services or on, about, or in conjunction with your User Content. The manner, mode and extent of such advertising and promotions are subject to change without specific notice to you. You acknowledge that we may not always identify paid services, sponsored content, or commercial communications as such.

You represent and warrant that: (i) you own the User Content modified by you on or through the Services or otherwise have the right to grant the rights and licenses set forth in these Terms; (ii) you agree to pay for all royalties, fees, and any other monies owed by reason of User Content you stylize on or through the Services; and (iii) you have the legal right and capacity to enter into these Terms in your jurisdiction.

You may not create, post, store or share any User Content that violates these Terms or for which you do not have all the rights necessary to grant us the license described above. Although we have no obligation to screen, edit or monitor User Content, we may delete or remove User Content at any time and for any reason.

User Content removed from the Services may continue to be stored by FaceApp, including, without limitation, in order to comply with certain legal obligations. FaceApp is not a backup service and you agree that you will not rely on the Services for the purposes of User Content backup or storage. FaceApp will not be liable to you for any modification, suspension, or discontinuation of the Services, or the loss of any User Content.

So in short, if you make something in FaceApp, FaceApp can do whatever it wants with what you’ve made. And they don’t have to pay you for it even if they make money off of it. And they can keep the images for as long as they want. And even if you delete them off the service.


This is incredibly concerning due to the fact that this company wants to do whatever it wants with your content, which is 1000% wrong. If the bad press that this company is getting doesn’t convince them to change course on this, then perhaps they need to be pulled in front of lawmakers to explain themselves as this is unacceptable. Until that happens, I would strongly suggest that you avoid this app.


Office365, Google Docs, And iWork Verboten From Some German Schools

Posted in Commentary on July 15, 2019 by itnerd

Privacy regulators in Germany have ruled out the use of Office 365, Google Docs or Apple’s iWork suite citing privacy concerns over the way these cloud services work. TNW reports the following:

Microsoft’s cloud services has run into a fresh roadblock in Germany, after the state of Hesse ruled it is illegal for its schools to use Office 365 citing “privacy concerns.”

The Hesse Commissioner for Data Protection and Freedom of Information (HBDI) ruled that using the popular cloud platform’s standard configuration exposes personal information about students and teachers “to potential access by US authorities.”


The use of cloud applications by schools is generally not a data protection problem. Many schools in Hesse are already using cloud solutions. Whether, for example, the learning platform or the electronic class book: Schools can use digital applications in compliance with data protection, as far as the security of the data processing and the participation of the pupils is guaranteed.

The core issue is that telemetry data is sent out of Germany to the US, and this can include personal data.

This information can include anything from regular software diagnostic data to user content from Office applications, such as email subject lines and sentences from documents where the company’s translation or spellchecker tools were used.

Collection of such information is a violation of GDPR laws that came into effect last May.

And what makes the situation worse is that switching away from Microsoft to a Google or Apple solution is not possible:

What is true for Microsoft is also true for the Google and Apple cloud solutions. The cloud solutions of these providers have so far not been transparent and comprehensibly described. Therefore, it is also true that for schools the privacy-compliant use [of these alternatives] is currently not possible.

Thus schools have to run local copies of these apps and store data locally. Although the ruling has so far been made by only one state in Germany, it seems likely that the same issue would apply across the country. That means that Microsoft, Google and Apple will have to address this quickly to avoid a blanket ban across Germany.

#PSA: Your Devices Can Be Searched And Seized By CBSA Without A Warrant

Posted in Commentary on May 6, 2019 by itnerd

I’ve written about the fact that CBSA or the Canada Border Services Agency can search and seize electronic devices such as cell phones and laptops. Often without a warrant or even a reason. This was highlighted when this CBC News story came to light where a lawyer returning to Canada from South America had his laptop and phone seized because he wouldn’t hand over the password so that they could troll them for reasons unknown.

I’m not going to debate whether this is right or not. Though I will say that perhaps it would be wise for these laws to be reviewed. But what can you do to protect yourself from this? I’d take the advice that I gave in this article that I wrote about crossing the US border with your devices. The fact is that CBSA can search your devices for no reason whatsoever. That means that you need to protect yourself and your data from loss. The fact is that while you can replace your phone/computer, as well as complain about this, you can’t replace your data.