Items tagged with Privacy
Is your smartphone’s lock screen protected by the 4th Amendment of the United States Constitution? A recent court case in Washington state argued that activating a person’s lock screen could potentially count as a “search”. Lock screens are therefore protected from “unreasonable searches and seizures” and law enforcement must have a search warrant. The court case focused on the constitutional rights of Joseph Sam. Sam was arrested by officers from the Tulalip Police Department in May 2019. One of the officers powered on Sam’s Motorola smartphone. The officer did not attempt to unlock the device or force Sam to do so. The Federal Bureau of Investigation...
Read more...
Google has announced that it has begun the rollout of new tools and a redesign of the Chrome web browser's privacy and security settings on desktop. The goal is to give users more control over their safety on the web. Among the updated controls are easier to manage cookies allowing users to choose if and how cookies are used by websites they visit. The browser now has the ability to block third-party cookies in regular or incognito mode and block all cookies on some websites. Updated Site Settings include reorganized controls in two distinct sections with the intent of making it easier to find the most sensitive website permissions. The sensitive website permissions include access to your location,...
Read more...
Earlier this month, Zoom proudly announced via a blog post that it has surpassed the 300 million daily active users (DAU), crowing that “more than 300 million people around the world are using Zoom during this challenging time.” It was an impressive figure for a company that is challenging the likes of Google, Microsoft, and Facebook for dominance in the video conferencing sector. But as it turns out, that number was bogus, and Zoom tried to quietly walk back the 300 million DAU figure by removing it from the original blog post. The only problem, however, is that the tally had already been widely reported, and The Verge noticed that the blog had been...
Read more...
Users have been having a love-hate relationship with Zoom, the popular video conferencing application that has a seen a surge in activity since the COVID-19 outbreak. The startup was not quite prepared for the influx of mainstream users, and Zoom's CEO admitted to some security and privacy "missteps." Some of those have been addressed in a new Zoom 5.0 software update. The update is part of Zoom's previously announced 90-day plan to identify and address security and privacy issues. Part of that entails adding support for AES 256-bit GCM encryption. It's still end-to-end encryption, but should make Zoom meetings more secure. “I am proud to reach this step in our 90-day plan, but this is...
Read more...
You may have noticed that Mozilla has begun pushing out a new version of its Firefox browser. Build 75 started to go out earlier this week (you can initiate an upgrade by going clicking on the three vertical lines in the upper-right corner and navigating to Help > About Firefox), and with it comes scheduled telemetry. Let's discuss what exactly is going on, and how you can disable this new function (if you so desire). This is something Mozilla outlined in March, with the browser maker saying its daily data collection is designed to "ensure we can understand default browser trends in a way that helps us improve Firefox." Incidentally, Microsoft's Edge browser (now powered by Chromium, the same...
Read more...
In some ways, these are unprecedented times, resulting in a dramatic rise in the use of video conferencing software. Many people working from (or stuck at) home have turned to Zoom, and the sudden influx exposed some security and privacy issues. In the wake of it all, Microsoft is reminding users of its Teams software, while emphasizing its "commitment to privacy and security." Jared Spataro, corporate vice president for Microsoft 365, wrote a blog post on the subject, assuring users that "privacy and security are never an afterthought" at Microsoft. Some may view that as a subtle (or maybe not-so-subtle) dig at Zoom. I'm not entirely sure if that is how it was meant to come across, but it's...
Read more...
Some school districts have reportedly banned the use of Zoom over security and privacy concerns, as weaknesses in the software have come to light in recent weeks. Speaking to those concerns, Zoom founder and CEO Eric Yuan admitted the startup "moved too fast" in light of the COVID-19 outbreak and "had some missteps." Complaints have ranged from security flaws that could potentially expose a user's Windows login credentials and shady data collection practices (which Zoom later apologized for), to having sessions disrupted by hackers. Known as "Zoombombing," this often results in a hacker displaying pornographic or racist images, along with using threatening language. It is easy to see why school...
Read more...
A security researcher who discovered a over half a dozen zero-day vulnerabilities in the Safari browser has lined his pockets with $75,000, courtesy of Apple's bug bounty program. Left unaddressed, a few of the vulnerabilities could allow an attacker to hijack the webcam on Mac systems, as well as iPhone and iPad devices. Ryan Pickren detailed the vulnerabilities in a pair of blog posts. He found seven in total (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), three of which were directly related to potentially taking over the webcam or camera on macOS and iOS devices. "If a malicious website strung these issues together, it could...
Read more...
Google Chrome is the popular browser on the planet, and the search giant is always looking for ways to add features and improve security across the board. The latest new feature being introduced to Chrome is an expansion of the existing Guest mode. It’s called "Default to Guest" mode and is primarily aimed at power users. Default to Guest mode provides what Google describes as a "stateless browsing experience from session to session" that is enabled every time you open a browser session, rather than you having to select "Guest" from the profile icon in the UI. Once you close out your browsing session, all of your cookies, site data, and browsing history are automatically deleted. This mode...
Read more...
Whisper is an app that was meant to allow users to anonymously share highly intimate details on their sexual preferences and other data without other users knowing who they really were. The app has been confirmed to have leaked personal information online that was tied to the location of the user. The leaked messages were publicly viewable until a major news outlet contacted Whisper before running a story on the breach. Ironically, Whisper calls itself the "safest place on the Internet" and claims to have hundreds of millions of users. For years the app left intimate confessions exposed on the Web that were tied to the posters age, location, and other details. The concern for these intimate details...
Read more...
Bicyclist Zachary McCoy found himself at the center of a police investigation thanks to his Android phone's location-tracking information. McCoy was riding his bicycle while using fitness tracking app RunTracker to record his rides. The man says that one Tuesday afternoon in January, he received an email from Google's legal investigation support team alerting him that local police had requested information related to his Google account. Zachary McCoy found himself the target of a police investigation - Image Credit: NBC News Google warned McCoy that it would release the information the police were requesting unless he went to court and tried to block it within seven days. McCoy said that he had...
Read more...
At this point in time it is no secret that the United States National Security Agency (NSA) is able to access citizen’s phone calls and text messages. But has the NSA’s various surveillance programs yielded any results? It was recently revealed that the USA Freedom Act of 2015 has cost taxpayers over $100 million USD but has only led to one noteworthy investigation. The USA Freedom Act of 2015 was originally passed to modify the controversial Patriot Act. One of the purposes of the act was to limit the amount of data that the NSA received from telecommunication companies like AT&T and Verizon. However, these telecommunication companies continued to share mass amounts of data,...
Read more...
A few days ago, some Samsung device owners reported receiving a mysterious "1/1" push notification on their smartphones, from the company's Find my Mobile app. Initially, Samsung explained it as a "message sent unintentionally during internet test[ing]" and said there was "no effect" on user's devices. However, Samsung now admits the notification compromised personal data belonging to a "small number" of users. The notification itself was rather benign, and the result of a "technical error." That should have been the end of it. Unfortunately, some users discovered that when they went into their Samsung accounts to change their passwords (erring on the side of caution), they could see other people's...
Read more...
WhatsApp is popular because its end-to-end encryption gives users warm fuzzies over the privacy and security of their chats. However, the chat messaging application might not be quite as secure or private as you thought (or at least that was the case). That's because Google had been indexing links to group chats, which in turn allowed any Joe or Jane to join and see potentially private information. Apparently this had been going on for several years. As a result, there were hundreds of thousands of indexed chat group links on the web, all of which were a simple Google search away. Your WhatsApp groups may not be as secure as you think they are. The "Invite to Group via Link" feature allows groups...
Read more...
Another day, another data privacy flub, and this time it's from Google. Google Takeout is a service that allows users to download their data from Google apps as a backup or to use it with another service. That sounds good on the surface until, somehow, Google managed to send backed up videos to unrelated users. Google began warning users of impacted accounts this week. Google is calling sending videos to the wrong person a "technical issue," and the letter sent to users notes that between November 21-25, 2019, anyone who requested a backup could have had videos in Google Photos "incorrectly exported to unrelated users' archives." A letter sent out to some users didn't specify how many videos...
Read more...
Earlier this week, we reported that Avast was under fire for its data privacy policies (or lack thereof) for its free antivirus software. Through its subsidiary Jumpshot, Avast sold vast amounts of user data to big name customers like Google and Microsoft (among others). Although Avast claimed that the data that it obtained and transmitted to these companies via Jumpshot was "fully de-identified and aggregated", it was rather easy to piece the data together including a user's device ID, time stamps, and other pertinent details to track a person across the web. "Maybe the (Jumpshot) data itself is not identifying people," said privacy researcher Gunes Acar earlier this week in reference...
Read more...
The University of Missouri (MU) is deploying a new student tracking application that runs on a smartphone. The app, SpotterEdu, is designed to measure and enforce class attendance. Reports indicate that the tracking app is required for all student-athletes, but is optional for all other students. MU says that participation was offered to fewer than 2% of MU students during the pilot phase and is completely optional. For students who don't want to check-in using the app, they can use an alternate method, like signing an attendance sheet. SpotterEDU is an app that was developed by a former basketball coach, and can monitor attendance by pinpointing students in the classroom and...
Read more...
Facebook founder and CEO Mark Zuckerberg published an article today that says one of the main goals of the social network in 2020 is to build "much stronger privacy protections for everyone on Facebook." Zuckerberg says that Facebook knows it has a lot of work to do in that realm, which is why it's making it a priority not only for the teams at Facebook but for Zuckerberg personally. Since today is Data Privacy Day, Zuckerberg says that he wanted to share some of the work his company is doing to give users more control over privacy both on and off Facebook. Over the next few weeks, Facebook will start showing nearly 2 billion people around the world a prompt encouraging them to review privacy...
Read more...
Tinder does not have the most stellar reputation when it comes to their users’ physical safety. Although there have been many people who have safely used the app, there have also been several users that have been physically harmed by their Tinder dates. Tinder recently implemented a panic button and artificial intelligence technology to help keep their users safe. However, it was also discovered that these security measures may be sharing your information with third-parties. Tinder has teamed up with Noonlight, a safety platform and mobile app, to offer a panic button and catfish detection AI. The panic button allows users to quietly contact an emergency dispatcher. Users will be able to...
Read more...
Up until last month, an anti-tracking featured introduced to Apple's Safari browser in 2017 actually left users potentially more susceptible to being tracked by hackers due to multiple vulnerabilities discovered by Google's engineers. Fortunately, Apple patched the security holes in December, though it's a bit of an unsettling situation. The feature in question is called Intelligent Tracking Prevention. It leverages a machine learning model to classify which top privately-controlled domains are able to track users from one site to another, based on a set of collected statistics. If the site is one the user frequently visits, it is allowed to perform cross-site tracking. But if it's a site the...
Read more...
Microsoft is coming under fire for a breach in customer privacy after it was revealed that the records of 250 million customers were exposed late last year. The data leak was initially reported on by security firm Comparitech, which found the information spread across five Elasticsearch servers. According to Comparitech, all five servers contained identical information from the 250 million customer records. The scope of the data unearthed was vast, covering a time period spanning from 2005 through December 2019. And what's even more unsettling is that this information was publicly indexed, meaning that anyone could access the information. Information that was exposed included customer email addresses,...
Read more...
Apple and the FBI have clashed over encryption policies on numerous occasions, with the latter pressuring the former to build a backdoor into iOS to make it easier for authorities to crack into locked iPhone handsets. To this point, Apple has not wavered, or so we thought. New information suggests Apple had planned to support fully encrypted iCloud backups, but relented after objections from the FBI. In case you have not been following this saga, Apple and FBI butted heads publicly following the deadly San Bernardino shooting in late 2015. The FBI recovered an iPhone 5C that belonged to one of the terrorists involved in the shooting, who was killed in a showdown with police. It then sought Apple's...
Read more...
