Although Apple hasn’t released macOS Catalina yet, it did update its browser to Safari 13. It has a new section for downloads permissions.
privacy
More Apps Should Use Differential Privacy
News app Tonic is different than most news apps because it uses differential privacy. More apps should do the same.
Before your eyes cross, a real-life example Cyphers gave me is the census. The government has a lot of aggregate data about its citizens—and it probably wants to share demographic information from that set without revealing anything about any one particular individual. Let’s say you live in a small census block with only one or two people. It wouldn’t take a genius to figure out personal information about you, given the right parameters. Differential privacy would be a way to summarize that data without putting any one individual at risk.
Amazon Has a Mole in the California State Assembly
Perhaps using the word “mole” is hyperbole. But it’s deeply concerning that California Assemblywoman Jacqui Irwin is actively trying to kill California’s privacy act that would impede companies like Amazon Ring, when her husband is the COO for Ring.
Like other companies that collect vast amounts of consumer data, Ring — and its parent company, Amazon — has a financial stake in the details of California’s groundbreaking data-privacy law. Industry groups, including those representing Amazon, have been scrambling to change the law before it takes effect Jan. 1.
“We can talk about this later,”Jacqui Irwin said, side-stepping questions about a potential conflict outside her office last week. “It’s a little bit offensive there.”
HP Printers Send a Ton of Data Analytics Back Home
Software engineer Robert Heaton found disturbing evidence that HP printers request a lot of analytics permissions to send back to the company.
In summary, HP wants its printer to collect all kinds of data that a reasonable person would never expect it to. This includes metadata about your devices, as well as information about all the documents that you print, including timestamps, number of pages, and the application doing the printing (HP state that they do stop short of looking at the contents of your documents).
WhatsApp's 'Delete For Everyone' Feature Doesn't Work With iPhones
WhatsApp from Facebook has a feature called Delete for Everyone that lets people unsend messages, photos, and videos from an individual’s phone, or everyone in a group. But it doesn’t delete them from iPhones.
According to Shitesh Sachan, an application security consultant, who found this privacy issue and shared his findings exclusively with The Hacker News, the feature for WhatsApp for iOS has not been designed to delete received media files saved in the iPhone’s Camera Roll.
Spotify Wants to Track Your Location so Friends Don't Use a Family Plan
In more location tracking news today, Spotify wants to track yours because non-family members sometimes use Family Plans *gasp!*.
“The changes to the policy allow Spotify to arbitrarily use the location of an individual to ascertain if they continue to reside at the same address when using a family account, and it’s unclear how often Spotify will query users’ devices for this information,” said Christopher Weatherhead, technology lead for UK watchdog group Privacy International, adding that there are “worrying privacy implications.”
iOS 13 Forced Facebook to Admit it Collects Your Location Data
Yes, I know how shocked you are folks. As it turns out, Facebook lied about yet another thing: It totally collects your location data, and admitted that fact itself in a blog post.
For years the antisocial media giant has claimed it doesn’t track your location, insisting to suspicious reporters and privacy advocates that its addicts “have full control over their data,” and that it does not gather or sell that data unless those users agree to it.
Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”
You may have missed the critical part amid the glowing testimony so we’ll repeat it: “… use precise location even when you’re not using the app…”
Quote from a TMO reader: “Hoping that FB will somehow become secure is as much magical thinking as expecting a wild pig to perform the role Juliet for Bolshoi.”
Custom Fonts Can Track You in iOS 13
Custom fonts may be able to track you in iOS 13. Google’s Crashlytics admitted as such on Twitter, including a unique identifier.
NSA Publishes Threatening Letter Calling for Encryption Backdoors
Glenn S. Gerstell, general counsel for the National Security Agency (NSA) published a letter in the New York Times, writing about how a “digital revolution threatens to upend our entire national security infrastructure.” He thinks backdoors into encryption is one answer (of course he doesn’t use the word backdoor), as well as the agency collecting even more data from citizens. Read his letter by clicking the link below, then read this take by Nefarious Laboratories.
Make no mistake, this letter is a thinly-veiled threat to every major corporation around the globe: provide the U.S. government with access to all of your data or else, “there is another path, and it is the one taken by authoritarian regimes around the world”.
Mozilla VPN Launches Under Test Pilot Program
Firefox Private Network is a Mozilla VPN launching under its old Test Pilot program. It’s available as a beta today for U.S. users with a Firefox account.
In a nutshell, the Firefox Private Network extension will provide a “secure, encrypted path to the web” to protect the user’s Wi-Fi connection and data contained within the Firefox browser. One of the scenarios Mozilla thinks Firefox Private Network will be useful for is when connecting to the internet through public Wi-Fi hotspots, as it will shield personal information and conceal what websites a user is visiting.
Google Built Fake Webpages Called 'Push Pages' to Defy GDPR
As part of Google’s DoubleClick/Authorized Buyers advertising system, the company created hidden webpages for advertisers that violate its own policies.
Google Push Pages are served from a Google domain (https://pagead2.googlesyndication.com) and all have the same name, “cookie_push.html”. Each Push Page is made distinctive by a code of almost two thousand characters, which Google adds at the end to uniquely identify the person that Google is sharing information about. This, combined with other cookies supplied by Google, allows companies to pseudonymously identify the person in circumstances where this would not otherwise be possible.
A U.S. Senator Suggests Prison Time for Mark Zuckerberg
In an interview, U.S. Senator Ron Wyden said that Facebook CEO Mark Zuckerberg should be imprisoned for Facebook’s privacy scandals.
Advertisers Came Up With a Dumb New Way to Track You
Advertisers aren’t happy with solutions like Safari’s Intelligent Tracking Prevention. They came up with an alternative version to cookies.
Google Bans Apple Card From Advertising Platform
Google doesn’t want customers to use virtual card numbers, and that includes the one Apple Card uses. An anonymous person writes about their experience.
Last week I received my Apple Card and decided to use it on my Google Ads account for another project. Getting a little bit of daily cash back for my meager ad spend was attractive. Within a couple of hours of updating my payment method my account had become suspended for suspicious payment activity.
I’m writing this to warn anyone else that intended to use the card online that you may experience… difficulties. And if you’re planning on using the Apple Card for anything important, think again.
It makes sense, on the premise that tracking companies like Google would oppose private measures like the Apple Card. I assume other virtual cards like Privacy.com would suffer the same fate.
Amazon's Surveillance Company Partners With 400 More Police Forces
Ring, the Amazon-owned surveillance company that sells doorbell cameras, is partnering with 400 more police forces across the U.S.
The partnerships let police automatically request the video recorded by homeowners’ cameras within a specific time and area, helping officers see footage from the company’s millions of Internet-connected cameras installed nationwide, the company said. Officers don’t receive ongoing or live-video access, and homeowners can decline the requests, which Ring sends via email thanking them for “making your neighborhood a safer place.”
ProtonMail Clarifies its Transparency Report Regarding Law Enforcement (Update)
ProtonMail updated its transparency report to explain its relationship with law enforcement better.
Apple Pledges to Improve Siri Privacy, Starting by Firing 300 Contractors
Apple published an article promising to improve Siri privacy by making changes to its grading program, along with firing contractors.
Nextdoor App Sends Letters on Users' Behalf Without Consent
Nextdoor is a social network that lets you see things that are going on in your local neighborhood. Dutch police have issued warnings about the app recently, saying that the company sent letters on users’ behalf.
We talked to a woman whom we’ll refer to as W.H., as she wishes to remain anonymous. Letters in her neighborhood were delivered with her as the sender. The letters were asking the receivers to install the app and join the community. W.H. did not send those letters, but she was a user of the Nextdoor app. And she remembered receiving an email from Nextdoor asking whether she would like to invite the people in her neighborhood.
Ugh. Possible lawsuit?
Apple Card Privacy, App Store Download Stats – TMO Daily Observations 2019-08-27
Andrew Orr and Bryan Chaffin join host Kelly Guimont to talk about Apple Card’s relative privacy and App Store download statistics.
Comparing Apple Card's Privacy to Other Credit Cards
Geoffrey Fowler compared an Amazon credit card with Apple Card to see which one is more private. The knee jerk response is to say Apple, and it’s true that Apple does have more privacy than others. But when it comes to the Apple Card, that privacy only appears under certain circumstances.
Despite a federal privacy law covering cards, I found that six types of businesses could mine and share elements of my purchase, multiplied untold times by other companies they might have passed it to. Credit cards are a spy in your wallet — and it’s time that we add privacy, alongside rewards and rates, to how we evaluate them.
Bottom line: Neither Apple nor Goldman Sachs collects or shares your data. But retailers and card networks like Mastercard can still collect and sell your purchase data.
Google Privacy Sandbox Probably Won't Protect Your Privacy
Advertising company Google wants to build a “Google privacy sandbox” as a way to improve personalized ads while attempting to remove the “personalized” part.
The goal of these proposals is to promote a dialog on ways browsers could advance user privacy, while still ensuring publishers can earn what they need to fund great content and user experiences, and advertisers can deliver relevant ads to the right people and measure their impact.
Or, if you want to support websites with ads while also protecting your privacy, stick to Safari.
Apple Blocks Spying Kazakhstan Root Certificate
The Kazakhstan government is trying to spy on citizens with a government-issued root certificate for websites. Apple, Google, and Mozilla are blocking it in their browsers.
The root certificate in question, labeled as “trusted certificate” or “national security certificate,” if installed, allows ISPs to intercept, monitor, and decrypt users’ encrypted HTTPS and TLS connections, helping the government spy on its 18 million people and censor content.
Once installed, the certificate allowed the Kazakh government to decrypt and read anything a user visiting popular sites—Facebook, Twitter, and Google, among others—types or posts, including intercepting their account information and passwords.
You'll Be Able to Convert Your Logins to Sign In With Apple
Ryan Christoffel has been testing Sign In with Apple in some beta versions of apps this summer. Using it is as easy as Apple said it would be. And the feature that I hoped would be included will arrive too: Converting your existing logins to Sign In with Apple.
Although Sign In with Apple is mainly beneficial for new users who don’t yet have an account for a given app or service, with the system Apple has built, developers have the option of letting existing users convert their accounts to Sign In with Apple for its convenience and security benefits.
I hope there will be widespread adoption of this. Another thing I wondered: If some companies complain that iOS 13’s location feature is anti-competitive, what will they say about Sign In with Apple?
Apple's Privacy Rule for Kids Apps Delayed
At WWDC 2019, Apple announced stricter rules for kids apps. Developers of these apps aren’t allowed to use analytics within them. Ads would also be limited. Apple is now delaying the rule to give developers more time.
Apple says it is making the move in part to better protect users’ privacy by shielding children from data trackers, a move that has been lauded by some privacy advocates. But some developers say they fear that the new rules won’t protect kids — possibly exposing them to more adult apps — and could pointlessly reduce their businesses.
Maybe don’t make preying on kids your business model?