Items tagged with Privacy

In 2020 we are all too familiar with incidents in which private companies sell user data. Many of us are less familiar with the ways that public entities can also sell and circulate data. It was recently revealed that the California Department of Motor Vehicles (DMV) frequently sells drivers’ data to private investigators, bail bondsmen, and other companies. Motherboard recently obtained a document through the California Public Records Act that lists 98,000 businesses and institutions that have accessed DMV data. This information can include driver's name, home address, email address, ZIP code, date of birth, phone number, etc. These entities ranged from trucking companies to private investigators... Read more...
The debate over whether smartphone owners should be legally compelled to involuntary unlock their handsets for law enforcement rages on, and advocates that they should just scored a key victory in New Jersey. In a 4-3 vote, the New Jersey Supreme Court ruled that a former police office accused of tipping off a gang member via text messaging is not protected by the Fifth Amendment, and must unlock his phone. Robert Andrews was at one time an Essex County sheriff's officer. Prosecutors allege he had ties with a street gang member named Quincy Lowery, a suspected drug dealer who was ultimately arrested in 2015. Lowery told prosecutors that he had communicated with Andrews about the investigation... Read more...
Serving as yet another reminder that whatever you put out there in the online world should be assumed to exist forever, it was discovered that Instagram (owned by Facebook) was not wiping deleted content from its servers like it was supposed to be doing. The discovery led to a $6,000 payday for the security researcher who discovered the flaw and submitted it to Instagram's bug bounty program. Normally when you delete something from an online service, like a video or a post, it still remains on the service's servers for a period of time. According to Instagram, it takes around 90 days for deletions to be wiped from its systems for good. Or at least that is how it applies to wholesale account deletions,... Read more...
Security researchers recently discovered multiple vulnerabilities within certain Amazon domains that could have allowed an attacker to access sensitive Alexa data, including voice histories and personal data, before they were fixed. A hacker would have also been able to install and remove skills from a targeted Alexa-enabled device, of which over 200 million have been sold globally. As if that is not concerning enough, the attack only required a single click by a user on a malicious link crafted by the hacker, and voice interaction by the victim, according to security researchers at Check Point. At that point, the hacker(s) would be able to access the target's personal information, including... Read more...
App makers are going to have to rethink things when iOS 14 arrives, because the next version of Apple's mobile operating system has a privacy feature that likes to tattle on certain behaviors. We have seen this a few times already, with the iOS 14 beta—notably, the beta revealed TikTok and a few other apps were sneakily accessing clipboard data on iPhone devices. Now Instagram is finding itself under the spotlight for a supposed bug that is causing the camera to stay on even when users are simply scrolling through their feeds. Instagram (owned by Facebook) obviously needs to access to the camera at certain times, because it's a photo and video sharing service. But some users of the iOS... Read more...
For many people around the world, a common way to protect their privacy and prevent anyone from watching them when they're not aware is to cover the camera lens on their notebook or desktop. People cover lenses of their webcams with all sorts of materials, including tape and other coverings. However, Apple has warned users not to close their MacBook, MacBook Air, or MacBook Pro with certain types of camera covers installed. Apple reminds users that it designed Mac computers to protect their privacy with an indicator light tell users when the camera is on. If the Mac is closed with a camera cover installed, there is a chance that the display could be damaged because the clearance between the screen... Read more...
App stores are imperfect places, and serving as a reminder of this, a cybersecurity firm based in France alerted Google to the discovery of over two dozen malicious Android apps hanging out in the Play Store. Fortunately, Google was quick to banish the apps. However, if you already have any of them installed, you should wipe them from your phone or tablet right away. In this case, the apps are prone to stealing your Facebook login credentials. "When an application is launched on your phone, the malware queries the application name. If it is a Facebook application, the malware will launch a browser that loads Facebook at the same time. The browser is displayed in the foreground which makes you... Read more...
Earlier this week, TikTok found itself in hot water for snooping clipboard data on iPhone handsets, which it tried to justify as a fraud detection feature. Following the backlash, TikTok said it would patch out the behavior. Fantastic, but are there other mobile apps that do the same sort of thing? There is at least one, and that app is LinkedIn. This kind of unwanted behavior has come to light because of a change Apple made to its upcoming iOS 14 update. While not yet being pushed out to the public at large, iOS 14 is available as a beta release, and it sports a new privacy function that tattles on apps that poke their heads into clipboard data. That is how TikTok was caught, and now LinkedIn.... Read more...
Ever find yourself wondering how many times Facebook will drop the ball when it comes to data privacy? The answer is at least one more time, apparently. In a blog post, Facebook admitted it uncovered a flaw that allowed thousands of third-party app developers to access data that they should not have been able to. You may recall that Facebook co-founder Mark Zuckerberg sat before Congress and answered a bevy of questions about data collection practices, privacy practices, and so forth, after the whole Cambridge Analytica scandal. Zuckerberg has gone on record multiple times saying government regulation of these things is not necessarily a bad idea. One of the criticisms he faced when answering... Read more...
Yesterday, we brought you news that the TikTok app has been doing some shady things behind the scenes with devices running iOS. Following the release of the first iOS 14 beta, it was discovered that TikTok was pinging the system clipboard constantly and pasting that data for its own use. Without the steady stream of pop-up notifications about clipboard access being presented to endusers -- which is a new feature in iOS 14 to help spot any potential privacy violations -- most people wouldn't have even known about TikTok's nefarious behavior, which developer ByteDance said was in place to "identify repetitive, spammy behavior." However, this isn't the first time that the TikTok app has... Read more...
TikTok has taken the world by storm as people of all ages uses the social networking platform to share videos. People use the platform to lip-sync to their favorite songs, perform short skits, or any number of humorous hijinks that the platform has been recognized for over the past year. It’s become a blockbuster app that is especially popular with the young adults. However, users have raised privacy concerns about the app ever since it launched in the United States, with many questioning whether the Chinese government was somehow using the app to spy on Americans. Today, TikTok isn’t doing itself any favors in assuaging those fears after it was found that the app has been accessing... Read more...
The main draw of using WhatsApp is enhanced privacy through end-to-end encryption, followed by its popularity—more than 2 billion people in over 180 countries use the instant messaging service. This also makes privacy and security lapses all the more glaring, when they are found. And according to a security who unsuccessfully tried to collect a bug bounty, there is a "privacy issue" that needs addressed. At the center of the issue is the application's 'click to chat' feature. "WhatsApp's click to chat feature allows you to begin a chat with someone without having their phone number saved in your phone's address book. As long as you know this person’s phone number and they have an... Read more...
Google faces a proposed class action lawsuit seeking at least $5 billion in damages over its data collection policies tied with its Chrome browser, and specifically the browser's Incognito mode. According to the lawsuit, Google engages in "surreptitious tracking" by collecting browser histories and other web activity "no matter what safeguards consumers undertake to protect their data privacy." Part of what makes the lawsuit interesting is it alleges Google is running afoul of federal and California state laws on wiretapping. "Google must be held accountable for the harm it has caused to its users in order to ensure it cannot continue to engage in the covert and unauthorized data collection from... Read more...
Is your smartphone’s lock screen protected by the 4th Amendment of the United States Constitution? A recent court case in Washington state argued that activating a person’s lock screen could potentially count as a “search”. Lock screens are therefore protected from “unreasonable searches and seizures” and law enforcement must have a search warrant. The court case focused on the constitutional rights of Joseph Sam. Sam was arrested by officers from the Tulalip Police Department in May 2019. One of the officers powered on Sam’s Motorola smartphone. The officer did not attempt to unlock the device or force Sam to do so. The Federal Bureau of Investigation... Read more...
Google has announced that it has begun the rollout of new tools and a redesign of the Chrome web browser's privacy and security settings on desktop. The goal is to give users more control over their safety on the web. Among the updated controls are easier to manage cookies allowing users to choose if and how cookies are used by websites they visit. The browser now has the ability to block third-party cookies in regular or incognito mode and block all cookies on some websites. Updated Site Settings include reorganized controls in two distinct sections with the intent of making it easier to find the most sensitive website permissions. The sensitive website permissions include access to your location,... Read more...
Earlier this month, Zoom proudly announced via a blog post that it has surpassed the 300 million daily active users (DAU), crowing that “more than 300 million people around the world are using Zoom during this challenging time.” It was an impressive figure for a company that is challenging the likes of Google, Microsoft, and Facebook for dominance in the video conferencing sector. But as it turns out, that number was bogus, and Zoom tried to quietly walk back the 300 million DAU figure by removing it from the original blog post. The only problem, however, is that the tally had already been widely reported, and The Verge noticed that the blog had been... Read more...
Users have been having a love-hate relationship with Zoom, the popular video conferencing application that has a seen a surge in activity since the COVID-19 outbreak. The startup was not quite prepared for the influx of mainstream users, and Zoom's CEO admitted to some security and privacy "missteps." Some of those have been addressed in a new Zoom 5.0 software update. The update is part of Zoom's previously announced 90-day plan to identify and address security and privacy issues. Part of that entails adding support for AES 256-bit GCM encryption. It's still end-to-end encryption, but should make Zoom meetings more secure. “I am proud to reach this step in our 90-day plan, but this is... Read more...
You may have noticed that Mozilla has begun pushing out a new version of its Firefox browser. Build 75 started to go out earlier this week (you can initiate an upgrade by going clicking on the three vertical lines in the upper-right corner and navigating to Help > About Firefox), and with it comes scheduled telemetry. Let's discuss what exactly is going on, and how you can disable this new function (if you so desire). This is something Mozilla outlined in March, with the browser maker saying its daily data collection is designed to "ensure we can understand default browser trends in a way that helps us improve Firefox." Incidentally, Microsoft's Edge browser (now powered by Chromium, the same... Read more...
In some ways, these are unprecedented times, resulting in a dramatic rise in the use of video conferencing software. Many people working from (or stuck at) home have turned to Zoom, and the sudden influx exposed some security and privacy issues. In the wake of it all, Microsoft is reminding users of its Teams software, while emphasizing its "commitment to privacy and security." Jared Spataro, corporate vice president for Microsoft 365, wrote a blog post on the subject, assuring users that "privacy and security are never an afterthought" at Microsoft. Some may view that as a subtle (or maybe not-so-subtle) dig at Zoom. I'm not entirely sure if that is how it was meant to come across, but it's... Read more...
Some school districts have reportedly banned the use of Zoom over security and privacy concerns, as weaknesses in the software have come to light in recent weeks. Speaking to those concerns, Zoom founder and CEO Eric Yuan admitted the startup "moved too fast" in light of the COVID-19 outbreak and "had some missteps." Complaints have ranged from security flaws that could potentially expose a user's Windows login credentials and shady data collection practices (which Zoom later apologized for), to having sessions disrupted by hackers. Known as "Zoombombing," this often results in a hacker displaying pornographic or racist images, along with using threatening language. It is easy to see why school... Read more...
A security researcher who discovered a over half a dozen zero-day vulnerabilities in the Safari browser has lined his pockets with $75,000, courtesy of Apple's bug bounty program. Left unaddressed, a few of the vulnerabilities could allow an attacker to hijack the webcam on Mac systems, as well as iPhone and iPad devices. Ryan Pickren detailed the vulnerabilities in a pair of blog posts. He found seven in total (CVE-2020-3852, CVE-2020-3864, CVE-2020-3865, CVE-2020-3885, CVE-2020-3887, CVE-2020-9784, & CVE-2020-9787), three of which were directly related to potentially taking over the webcam or camera on macOS and iOS devices. "If a malicious website strung these issues together, it could... Read more...
Google Chrome is the popular browser on the planet, and the search giant is always looking for ways to add features and improve security across the board. The latest new feature being introduced to Chrome is an expansion of the existing Guest mode. It’s called "Default to Guest" mode and is primarily aimed at power users. Default to Guest mode provides what Google describes as a "stateless browsing experience from session to session" that is enabled every time you open a browser session, rather than you having to select "Guest" from the profile icon in the UI. Once you close out your browsing session, all of your cookies, site data, and browsing history are automatically deleted. This mode... Read more...
First ... Prev 3 4 5 6 7 Next ... Last