Items tagged with Privacy

In the past, there have been some big slip-ups when commentators did not know that they were on-air and began speaking their mind to other people. This seems to have happened again at the Tokyo Olympics when an Italian TV announcer did not realize he was live on-air when he asked for his computer password. Posted to Twitter yesterday by cybersecurity associate professor Stefano Zanero from the Polytechnic University of Milan, the clip has amassed thousands of likes, retweets, and views. In the video during the Turkey-China volleyball game, the announcer asked, in Italian, "Do you know the password for the computer in this commentator booth?" La prossima volta che sentite chiacchierare di sofisticatissime... Read more...
Late last week, it was revealed that a global spyware campaign was targeting politicians, activists, and journalists worldwide. Initially, the company behind the software for spying, NSO Group, was blamed for the data leak and supplying its software to authoritarian regimes. However, NSO Group has since rejected these claims to try and deflect rather than publicly investigate what has happened. Published yesterday, a news article called "Enough Is Enough!" was posted on NSO Group's website. Within this article, the company explained that the spyware concern was a "planned and well-orchestrated media campaign lead by Forbidden Stories" and then "pushed by special interest groups." Subsequently,... Read more...
You’ve got mail! Upon opening and reading an email, it is almost as if someone is looking over your shoulder and making notes about how you are reading, where you are, and what time you saw the email. However, email should be more private than it is, so privacy-focused company DuckDuckGo is introducing “email protection,” a new feature that will sift through your emails and pull-out trackers embedded within. When it comes to receiving an email, the sender or any companies in between can embed trackers into the email that allows ads to be targeted. However, other data could leak through this, such as your email address, which is not great for privacy. Thus, DuckDuckGo’s... Read more...
Just on the heels of Microsoft taking on the cyberweapons market and malware found targeting journalists and politicians, a new cyberweapon has been discovered in a similar fashion. Targeting thousands of activists, journalists, politicians, the piece of malware called Pegasus, from Israeli surveillance company NSO Group, could have been sold to authoritarian governments to monitor anywhere up to 50,000 people. Pegasus is a malware used to infect both iPhones and Androids to, according to NSO Group’s website, “detect and prevent terrorism and crime.” It can be used to steal messages, photos, emails, calls, and secretly record users. However, a recent leak of over 50,000 phone... Read more...
Audacity sparked quite the firestorm over the weekend after the scope of changes to its privacy policy were revealed to the broader public. The changes came after Audacity was acquired by Muse Group earlier this year. Some of the key sticking points that alarmed users of the audio editing program were that while customer data is hosted primarily in the European Economic Area (EEA), it could "occasionally" be shared with Audacity's main office in Russia (and the United States). In addition, Muse Group explained that customer data could be shared with "any competent law enforcement body, regulatory, government agency, court, or other third-party." Audacity currently has amassed over 100 million... Read more...
For the past two decades, Audacity has built and maintained a following as a capable and free audio editing program. Being a no-cost solution is a big draw, and so are a coupe of other attributes—it's an open source program, and available on multiple platforms (Windows, macOS, GNU/Linux). Some users are starting to sour on it, however, accusing the new owner of turning it into a spyware vehicle of sorts. Audacity changed hands in April when it was acquired by Muse Group for an undisclosed sum. At the time, Martin Keary, head of design at MuseScore, an open source notation program owned by Muse Group as well, offered up some encouraging comments about the deal. Keary is the one who is now... Read more...
If you have been on the internet for any length of time, there is a pretty good chance that at least some of your personal information is out there in a database. However, if you happen to use LinkedIn, these odds have now gone significantly up. Some malicious people have managed to scrape information like phone numbers and emails for millions of accounts from the business networking site and are now selling it online. On June 22nd, "GOD USER" TomLiner posted to popular hacking and leak trading site RaidForums, explaining that he had collected 700 million LinkedIn records from this year. These records have been verified to include full user names, birthdays, social media handles, email addresses,... Read more...
Ensuring accounts are secure is an important part of being online, as there are always people out to try and get you. This is especially true for app developers who may be targeted for the data they do or could possess. Thus, Google is introducing new security measures for developers to help strengthen accounts and better understand their needs. The first new security measure Google is implementing is new identification requirements when creating a new Google Play dev account. As of now, Google only asks for an email address and phone number; however, this update will add account type, contact name, physical address and will also require users to verify their email and phone number. This information,... Read more...
As the push for privacy ramps up, user data collection is beginning to drop, starving people and organizations of useful information for legitimate purposes like research. To combat this, Mozilla has created Rally, a tool that allows users to selectively “contribute their browsing data to crowdfund projects for a better Internet and a better society.” The primary concern one would have with Mozilla Rally is privacy, but as Mozilla states, it is “Built for the browser with privacy and transparency at its core,” allowing users to control and contribute any browsing data they generate. If this manages to take off, the crowdsourced data will be used to “help understand... Read more...
In recent years and months, Google has been working to improve user privacy across all its brands. Whether this is genuine is a debate for another day, but other companies are now trying to compete, as a “focus on privacy” has become a big selling point. Subsequently, Brave Search, a search engine “built on top of a completely independent index, and doesn’t track users, their searches, or their clicks,” has become available from the company behind Brave Browser. Back in March, the San Francisco-based company announced the acquisition of Tailcat, an open search engine “developed by the team formerly responsible for the privacy search and browser products at... Read more...
Google’s Federated Learning of Cohorts (FLoC) is the company’s attempt to improve privacy around the web by replacing third-party cookies that dominate user tracking. In recent weeks, the FLoC has received quite a bit of scrutiny from WordPress and other organizations. It seems Amazon is the latest to join the FLoC-block as the e-commerce company has blocked the new tracking service on many of its websites. From the main site to WholeFoods and everything else in between, it is being reported that Amazon is now blocking Google’s FLoC from gathering data. Interestingly, analysis collected by Digiday shows that the Seattle-based company is doing this in several different ways.... Read more...
While a push toward privacy is great for the average person, it is also simultaneously great for criminal gangs. Using secure messaging systems, these gangs can secretly communicate plans for drug shipments or killings worldwide. However, if law enforcement is inside these messaging apps, then the criminals can be caught easily. It appears the FBI did exactly that by running a “secure” messaging system leading to the seizure of hundreds of millions in drugs, weapons, cars, cash, and cryptocurrency. This sting operation saga started in 2018, when law enforcement agencies took down Phantom Secure, which made custom encrypted devices for criminals. In this operation, AP News reports... Read more...
TikTok is one of the most popular apps in the United States right now after it effectively replaced Vine for quick content and entertainment. However, their track record has been mired by lapses in user privacy and contention with the U.S Government. Now, it seems some of those early accusations and concerns were founded as TikTok has now updated its privacy policy to include the collection of new types of biometric data such as “faceprints and voiceprints,” whatever that may mean or be used for. On Thursday, TechCrunch spotted a change in its U.S privacy policy that explains that the social media app “may collect biometric identifiers and biometric information” from its... Read more...
Big corporations seem to always think they know what is best for consumers, and often jam policies down their throats whether they want them or not. Case in point, Google is moving away from traditional tracking cookies in its Chrome browser to a system called Federated Learning of Cohorts, or FLoC, which has drawn widespread scrutiny. For those who have no interest in FLoC but want to stick with Chrome, there is a way to disable it. We'll get to the steps in a moment, but first let's talk about cookies and FLoC for a moment. Cookies are what sites use to track user sessions or data, so that if you leave a website and return to it later, you are still logged in. Third-party cookies also track... Read more...
Several of Amazon's hardware devices are about to become part of a mesh network, with a crowdsourced spin. It is part of an initiative called Amazon Sidewalk, and what it does is allow devices is create is a low bandwidth network from bridge devices, including select Echo and Ring gadgets from you and your nearby neighbors. The kicker, though, is that this sharing-is-caring approach will be enabled by default. That means if you own an Echo or Ring device and do absolutely nothing, it will automatically become part of a crowdsourced mesh network (unless you live in the boonies far removed from any neighbors, of course). This is an opt-out and not an opt-in affair. Should I Use Amazon Sidewalk?... Read more...
It is time to update macOS devices as a new 0-day has been found that allows malware to bypass privacy protections. The logic bug allowed any app to inherit another app’s permissions to take screenshots or do other activities without the end-user knowing, making this quite concerning. In 2020, malware called XCSSET made an appearance using two 0-day exploits to target Xcode developers and their projects. It would primarily spread using these projects, some of which were shared on GitHub, “leading to a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects,” as researchers at Trend Micro explain. Since the initial discovery, the... Read more...
Apple's iOS 14.5 was supposed to let users take back control over their data, or so the narrative goes, by preventing apps from tracking their every move. Apple has been banging that privacy drum for a long time now, and customers have taken the company at its word. In fact, you've likely already read our report that a full 95% of users have opted out of allowing Facebook's app to track their data since iOS 14.5 privacy changes launched a few short weeks ago. However, what's to stop Facebook from continuing to track you once the data winds up on their servers? Not much, as it turns out, but there are options for turning the screws down a bit more.  Do You Really Need Geotagging On For Sharing... Read more...
Cloud-based additions to mobile apps have become commonplace, but they are not always the best thing for consumers or developers. According to new research, by either misconfiguration or simple lack of security best practices, some mobile app developers have left the personal data of over 100 million people at risk. Cyber threat intelligence company Check Point Research (hereafter CPR) recently discovered that many application developers put user data at risk by not following best practices when “configuring and integrating 3rd party cloud services into applications.” This vulnerable data could include both the developers’ as well as the consumers’ information, which is... Read more...
In the past 24 hours, security camera company Eufy had a massive lapse in privacy when customers began to report that they had access to other peoples’ devices live and recorded feeds. Though this could be a one-off situation, it begs the discussion about cloud-based camera solutions and how secure your IoT devices are. First mentioned by Reddit user MeChum87, the situation began when the New Zealander opened his Eufy app and managed to access an Australian’s camera feeds, videos, and contact details. Initially, he became concerned about his children and other people peering into his life and decided to bin the cameras due to this event. The post now has 266 comments, several... Read more...
The recent feud between Apple and Facebook has been well documented. The companies have been at odd for years, but tensions between the two came to a head most recently when Apple detailed its newest privacy guidelines at WWDC 2020. Those guidelines would force companies to disclose how a customer's data was being used by its apps and require users to Opt-In, to allow gathering of personal data. To date, apps have been able to leverage the Apple Identifier for Advertisers (IDFA) feature to analyze user data and provide targeted advertising. This week’s launch of iOS v14.5, however, changes the paradigm. Instead of having to jump through hoops to Opt-Out, with Apple’s latest iOS update,... Read more...
Facebook knows an awful lot about you, more so than it wants to let on. Sure, it is common knowledge that Facebook sells user data so advertisers can deliver targeted pitches—look up something in your browser and it won't be long before ads for similar items appear on your feed—but have you ever stopped to consider just how much Facebook knows about your likes and tendencies? The developers of Signal, a cross-platform encrypted messaging app (the same outfit that hacked the Cellebrite tool police use to crack iOS and Android phones), shared the kind of insight that is available to advertisers, prompting Facebook to ban their ad account. Signal tried using Instagram ads to show examples... Read more...
At the start of May, researchers at the University of Virginia announced that current Spectre chip vulnerability mitigations could be bypassed entirely, bringing the ghostly security flaw back to life. Intel has now officially responded by claiming that software coded following its specific security guidance protects against these new vulnerabilities. However, UVA  researchers seem to disagree with the general sentiment. The question now is, who is right and what needs to happen to protect end-users? Here's Intel's full statement on the matter... “Intel reviewed the report and informed researchers that existing mitigations were not being bypassed and that this scenario is addressed... Read more...
1 2 3 4 5 Next ... Last