Items tagged with Privacy

Yesterday, we brought you news that the TikTok app has been doing some shady things behind the scenes with devices running iOS. Following the release of the first iOS 14 beta, it was discovered that TikTok was pinging the system clipboard constantly and pasting that data for its own use. Without the steady stream of pop-up notifications about clipboard access being presented to endusers -- which is a new feature in iOS 14 to help spot any potential privacy violations -- most people wouldn't have even known about TikTok's nefarious behavior, which developer ByteDance said was in place to "identify repetitive, spammy behavior." However, this isn't the first time that the TikTok app has... Read more...
TikTok has taken the world by storm as people of all ages uses the social networking platform to share videos. People use the platform to lip-sync to their favorite songs, perform short skits, or any number of humorous hijinks that the platform has been recognized for over the past year. It’s become a blockbuster app that is especially popular with the young adults. However, users have raised privacy concerns about the app ever since it launched in the United States, with many questioning whether the Chinese government was somehow using the app to spy on Americans. Today, TikTok isn’t doing itself any favors in assuaging those fears after it was found that the app has been accessing... Read more...
The main draw of using WhatsApp is enhanced privacy through end-to-end encryption, followed by its popularity—more than 2 billion people in over 180 countries use the instant messaging service. This also makes privacy and security lapses all the more glaring, when they are found. And according to a security who unsuccessfully tried to collect a bug bounty, there is a "privacy issue" that needs addressed. At the center of the issue is the application's 'click to chat' feature. "WhatsApp's click to chat feature allows you to begin a chat with someone without having their phone number saved in your phone's address book. As long as you know this person’s phone number and they have an... Read more...
Google faces a proposed class action lawsuit seeking at least $5 billion in damages over its data collection policies tied with its Chrome browser, and specifically the browser's Incognito mode. According to the lawsuit, Google engages in "surreptitious tracking" by collecting browser histories and other web activity "no matter what safeguards consumers undertake to protect their data privacy." Part of what makes the lawsuit interesting is it alleges Google is running afoul of federal and California state laws on wiretapping. "Google must be held accountable for the harm it has caused to its users in order to ensure it cannot continue to engage in the covert and unauthorized data collection from... Read more...
Is your smartphone’s lock screen protected by the 4th Amendment of the United States Constitution? A recent court case in Washington state argued that activating a person’s lock screen could potentially count as a “search”. Lock screens are therefore protected from “unreasonable searches and seizures” and law enforcement must have a search warrant. The court case focused on the constitutional rights of Joseph Sam. Sam was arrested by officers from the Tulalip Police Department in May 2019. One of the officers powered on Sam’s Motorola smartphone. The officer did not attempt to unlock the device or force Sam to do so. The Federal Bureau of Investigation... Read more...
Google has announced that it has begun the rollout of new tools and a redesign of the Chrome web browser's privacy and security settings on desktop. The goal is to give users more control over their safety on the web. Among the updated controls are easier to manage cookies allowing users to choose if and how cookies are used by websites they visit. The browser now has the ability to block third-party cookies in regular or incognito mode and block all cookies on some websites. Updated Site Settings include reorganized controls in two distinct sections with the intent of making it easier to find the most sensitive website permissions. The sensitive website permissions include access to your location,... Read more...
Earlier this month, Zoom proudly announced via a blog post that it has surpassed the 300 million daily active users (DAU), crowing that “more than 300 million people around the world are using Zoom during this challenging time.” It was an impressive figure for a company that is challenging the likes of Google, Microsoft, and Facebook for dominance in the video conferencing sector. But as it turns out, that number was bogus, and Zoom tried to quietly walk back the 300 million DAU figure by removing it from the original blog post. The only problem, however, is that the tally had already been widely reported, and The Verge noticed that the blog had been... Read more...
Users have been having a love-hate relationship with Zoom, the popular video conferencing application that has a seen a surge in activity since the COVID-19 outbreak. The startup was not quite prepared for the influx of mainstream users, and Zoom's CEO admitted to some security and privacy "missteps." Some of those have been addressed in a new Zoom 5.0 software update. The update is part of Zoom's previously announced 90-day plan to identify and address security and privacy issues. Part of that entails adding support for AES 256-bit GCM encryption. It's still end-to-end encryption, but should make Zoom meetings more secure. “I am proud to reach this step in our 90-day plan, but this is... Read more...
You may have noticed that Mozilla has begun pushing out a new version of its Firefox browser. Build 75 started to go out earlier this week (you can initiate an upgrade by going clicking on the three vertical lines in the upper-right corner and navigating to Help > About Firefox), and with it comes scheduled telemetry. Let's discuss what exactly is going on, and how you can disable this new function (if you so desire). This is something Mozilla outlined in March, with the browser maker saying its daily data collection is designed to "ensure we can understand default browser trends in a way that helps us improve Firefox." Incidentally, Microsoft's Edge browser (now powered by Chromium, the same... Read more...
In some ways, these are unprecedented times, resulting in a dramatic rise in the use of video conferencing software. Many people working from (or stuck at) home have turned to Zoom, and the sudden influx exposed some security and privacy issues. In the wake of it all, Microsoft is reminding users of its Teams software, while emphasizing its "commitment to privacy and security." Jared Spataro, corporate vice president for Microsoft 365, wrote a blog post on the subject, assuring users that "privacy and security are never an afterthought" at Microsoft. Some may view that as a subtle (or maybe not-so-subtle) dig at Zoom. I'm not entirely sure if that is how it was meant to come across, but it's... Read more...
Some school districts have reportedly banned the use of Zoom over security and privacy concerns, as weaknesses in the software have come to light in recent weeks. Speaking to those concerns, Zoom founder and CEO Eric Yuan admitted the startup "moved too fast" in light of the COVID-19 outbreak and "had some missteps." Complaints have ranged from security flaws that could potentially expose a user's Windows login credentials and shady data collection practices (which Zoom later apologized for), to having sessions disrupted by hackers. Known as "Zoombombing," this often results in a hacker displaying pornographic or racist images, along with using threatening language. It is easy to see why school... Read more...
A security researcher who discovered a over half a dozen zero-day vulnerabilities in the Safari browser has lined his pockets with $75,000, courtesy of Apple's bug bounty program. Left unaddressed, a few of the vulnerabilities could allow an attacker to hijack the webcam on Mac systems, as well as iPhone and iPad devices. Ryan Pickren detailed the vulnerabilities in a pair of blog posts. He found seven in total (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), three of which were directly related to potentially taking over the webcam or camera on macOS and iOS devices. "If a malicious website strung these issues together, it could... Read more...
Google Chrome is the popular browser on the planet, and the search giant is always looking for ways to add features and improve security across the board. The latest new feature being introduced to Chrome is an expansion of the existing Guest mode. It’s called "Default to Guest" mode and is primarily aimed at power users. Default to Guest mode provides what Google describes as a "stateless browsing experience from session to session" that is enabled every time you open a browser session, rather than you having to select "Guest" from the profile icon in the UI. Once you close out your browsing session, all of your cookies, site data, and browsing history are automatically deleted. This mode... Read more...
Whisper is an app that was meant to allow users to anonymously share highly intimate details on their sexual preferences and other data without other users knowing who they really were. The app has been confirmed to have leaked personal information online that was tied to the location of the user. The leaked messages were publicly viewable until a major news outlet contacted Whisper before running a story on the breach. Ironically, Whisper calls itself the "safest place on the Internet" and claims to have hundreds of millions of users. For years the app left intimate confessions exposed on the Web that were tied to the posters age, location, and other details. The concern for these intimate details... Read more...
Bicyclist Zachary McCoy found himself at the center of a police investigation thanks to his Android phone's location-tracking information. McCoy was riding his bicycle while using fitness tracking app RunTracker to record his rides. The man says that one Tuesday afternoon in January, he received an email from Google's legal investigation support team alerting him that local police had requested information related to his Google account. Zachary McCoy found himself the target of a police investigation - Image Credit: NBC News Google warned McCoy that it would release the information the police were requesting unless he went to court and tried to block it within seven days. McCoy said that he had... Read more...
At this point in time it is no secret that the United States National Security Agency (NSA) is able to access citizen’s phone calls and text messages. But has the NSA’s various surveillance programs yielded any results? It was recently revealed that the USA Freedom Act of 2015 has cost taxpayers over $100 million USD but has only led to one noteworthy investigation. The USA Freedom Act of 2015 was originally passed to modify the controversial Patriot Act. One of the purposes of the act was to limit the amount of data that the NSA received from telecommunication companies like AT&T and Verizon. However, these telecommunication companies continued to share mass amounts of data,... Read more...
A few days ago, some Samsung device owners reported receiving a mysterious "1/1" push notification on their smartphones, from the company's Find my Mobile app. Initially, Samsung explained it as a "message sent unintentionally during internet test[ing]" and said there was "no effect" on user's devices. However, Samsung now admits the notification compromised personal data belonging to a "small number" of users. The notification itself was rather benign, and the result of a "technical error." That should have been the end of it. Unfortunately, some users discovered that when they went into their Samsung accounts to change their passwords (erring on the side of caution), they could see other people's... Read more...
WhatsApp is popular because its end-to-end encryption gives users warm fuzzies over the privacy and security of their chats. However, the chat messaging application might not be quite as secure or private as you thought (or at least that was the case). That's because Google had been indexing links to group chats, which in turn allowed any Joe or Jane to join and see potentially private information. Apparently this had been going on for several years. As a result, there were hundreds of thousands of indexed chat group links on the web, all of which were a simple Google search away. Your WhatsApp groups may not be as secure as you think they are. The "Invite to Group via Link" feature allows groups... Read more...
Another day, another data privacy flub, and this time it's from Google. Google Takeout is a service that allows users to download their data from Google apps as a backup or to use it with another service. That sounds good on the surface until, somehow, Google managed to send backed up videos to unrelated users. Google began warning users of impacted accounts this week. Google is calling sending videos to the wrong person a "technical issue," and the letter sent to users notes that between November 21-25, 2019, anyone who requested a backup could have had videos in Google Photos "incorrectly exported to unrelated users' archives." A letter sent out to some users didn't specify how many videos... Read more...
Earlier this week, we reported that Avast was under fire for its data privacy policies (or lack thereof) for its free antivirus software. Through its subsidiary Jumpshot, Avast sold vast amounts of user data to big name customers like Google and Microsoft (among others). Although Avast claimed that the data that it obtained and transmitted to these companies via Jumpshot was "fully de-identified and aggregated", it was rather easy to piece the data together including a user's device ID, time stamps, and other pertinent details to track a person across the web. "Maybe the (Jumpshot) data itself is not identifying people," said privacy researcher Gunes Acar earlier this week in reference... Read more...
The University of Missouri (MU) is deploying a new student tracking application that runs on a smartphone. The app, SpotterEdu, is designed to measure and enforce class attendance. Reports indicate that the tracking app is required for all student-athletes, but is optional for all other students. MU says that participation was offered to fewer than 2% of MU students during the pilot phase and is completely optional. For students who don't want to check-in using the app, they can use an alternate method, like signing an attendance sheet.  SpotterEDU is an app that was developed by a former basketball coach, and can monitor attendance by pinpointing students in the classroom and... Read more...
Facebook founder and CEO Mark Zuckerberg published an article today that says one of the main goals of the social network in 2020 is to build "much stronger privacy protections for everyone on Facebook." Zuckerberg says that Facebook knows it has a lot of work to do in that realm, which is why it's making it a priority not only for the teams at Facebook but for Zuckerberg personally. Since today is Data Privacy Day, Zuckerberg says that he wanted to share some of the work his company is doing to give users more control over privacy both on and off Facebook. Over the next few weeks, Facebook will start showing nearly 2 billion people around the world a prompt encouraging them to review privacy... Read more...
1 2 3 4 5 Next ... Last