The GCHQ wants Apple to secretly add the agency to iMessage chats and FaceTime calls, effectively creating a backdoor into encryption.
privacy
Like Facebook, Google Also Has a Data Collecting App
Although Google is more transparent than Facebook about what how the programs work, it’s still in violation of the App Store.
Apple's Privacy Stance Means it Does Not Get a Pass on FaceTime Security Bug
It was revealed Monday that Group FaceTime has a major bug. It allows a caller to hear the person they are ringing before the recipient has picked up the phone. As Ben Lovejoy points out on 9to5Mac, Apple, and Tim Cook, in particular, have taken a very strong stance on privacy in recent months. The company even put a big privacy advert on the side of a Marriott in Las Vegas during CES. It has received a lot of praise for its approach to privacy. However, that does not mean they cannot be held to account when a security flaw like this is exposed. In fact, arguably we should expect more from a company that puts such importance on privacy.
This particular FaceTime bug occurs only when someone does something completely illogical and unexpected: adds themselves to a call they initiated. I appreciate this would have been a tricky scenario to anticipate and include in testing. But when you are Apple, a company which has talked of little other than privacy over the past few months, then you don’t get a pass on this.
This Weird Trick Will Make Five Eyes Countries Hate You
Michael Grothaus argues that it’s the perfect time for Android iMessage thanks to Facebook’s plans to unify its messaging apps.
The iPhone maker’s messaging app is widely regarded as one of the best messaging apps ever, thanks to its clean, simple design, its ability to send and receive both encrypted iMessages and regular SMS text messages in the same interface, and its end-to-end encryption.
It’s not the first time this has been suggested, but I think Android iMessage would be great for users. We need an end-to-end encrypted messaging app from a company with a better track record than Facebook.
Looking at the VSCO Privacy Policy
Recently Bryan Chaffin challenged Andrew to examine the VSCO privacy policy and translate it from lawyer-speak to human-speak. Here’s what he found.
Microsoft Office on MAS, Privacy Face-Off – TMO Daily Observations 2019-01-25
Host Kelly Guimont chats with Andrew Orr and Bryan Chaffin about Microsoft Office in the Mac App Store and privacy as a business model.
Your Online Profile Consists of Three Layers
Katarzyna Szymielewicz offers a good approach to how you think about your online profile: What you share, what your behavior tells them, and what the machine thinks of you.
Many decisions that affect your life are now dictated by the interpretation of your data profile rather than personal interactions. And it’s not just about advertising banners influencing the brand of the soap you buy—the same mechanics of profiling users and targeting messages apply to political campaigns and visa applications as much as supermarket metrics. When advertising looks like news and news look like entertainment, all types of content are profiled on the basis of your data.
This is a great article, and the most important layer to think about is the data you put online.
Mark Zuckerberg's Op-Ed is Tone Deaf
Mark Zuckerberg has written an op-ed for The Wall Street Journal, and it’s as tone deaf as ever.
Sometimes this means people assume we do things that we don’t do. For example, we don’t sell people’s data, even though it’s often reported that we do. In fact, selling people’s information to advertisers would be counter to our business interests, because it would reduce the unique value of our service to advertisers. We have a strong incentive to protect people’s information from being accessed by anyone else.
Any service that relies on ad money means the advertiser is the customer. I’d love to hear from an advertiser that would refuse access to peoples’ personal information. Facebook may not sell that data directly to advertisers but you can bet it sells access to the data. Two different words that point to the same destination.
If Privacy is a Human Right, Windows 10 is a Crime Against Humanity
Speaking at the World Economic Forum, Microsoft CEO Satya Nadella says privacy is a human right. But Windows 10 is a privacy nightmare.
My own point of view is that it’s a fantastic start in treating privacy as a human right. I hope that in the United States we do something similar, and that the world converges on a common standard.
Arizona Porn Bill Would Force Consumers to Fund Border Wall
A porn bill [PDF] introduced in Arizona called the Human Trafficking and Child Exploitation Prevention Act would require all internet devices sold in Arizona to be installed with a porn blocker.
How to Opt Out of Data Sharing From 40+ Companies
This website is a hub with links for over 40 companies to opt out of data sharing practices they have.
Simple Opt Out is drawing attention to opt-out data sharing and marketing practices that many people aren’t aware of (and most people don’t want), then making it easier to opt out.
At some point I’m definitely going down the list to see which companies I can opt out from.
Google Hopes No One Notices it's a Digital Oil Baron
A day after the company got fined over privacy and consent practices, Google CFO Ruth Porat says data is more like sunlight than oil.
Most people know the phrase “data is the new oil,” a theory about how the world’s most valuable resource is information rather than petroleum. Speaking at the World Economic Forum on Tuesday morning, Google chief financial officer Ruth Porat said: “Data is more like sunlight than oil … It is like sunshine, we keep using it and it keeps regenerating.”
Google wants to ride the coattails of alternative energy instead of being associated with those nasty old oil barons in the hope that no one will notice similarities. Also the phrase “We keep using it and it keeps regenerating” underscores the belief that data can be collected from people and used for free.
Japan Wants Foreign Tech Companies to Follow its Privacy Laws
The country wants to impose “secrecy of communications” rules on foreign tech companies like Google, Apple, Facebook, and Amazon.
DuckDuckGo to Use Apple Maps for Private Search
Private search provider DuckDuckGo announced it will use Apple Maps to power location-based searches.
Your Privacy Can't be Left up to Others
Doc Searls argues that if your privacy is in the hands of others alone, you don’t have any privacy.
If you think regulations are going to protect your privacy, you’re wrong. In fact they can make things worse, especially if they start with the assumption that your privacy is provided only by other parties, most of whom are incentivized to violate it.
I think Mr. Searls makes some good points. I’m in favor of privacy regulations, but I also agree that individuals need to manage their privacy better. Privacy should also be the default, and not a feature you have to pay for.
We do Not Know how to Talk About Online Privacy Violations
The debate over user privacy online is getting ever more intense. Barely a week goes by without some new horror being revealed. On Buzzfeed News, Charlie Warzel laid out just how dire the privacy situation has got and how bad the general public is at understanding the problem. Whether its celeb-twinning apps or Facebook, users simply do not know enough about how their data is being used nor how to discuss the issue.
Opaque algorithms and operations allow executives to dismiss the concerns of journalists and activists as unfounded or ignorant. They argue that critics are casting normal, industry-standard practices and terms of service agreements as malicious. What does it say about us or the culture built atop the modern internet that Byzantine terms of service agreements that few understand or even bother reading govern so much of our lives online?
Apple Hired Former Facebook Privacy Employee Sandy Parakilas
Mr. Parakilas worked at Facebook for 18 months before leaving in 2012. His job was to monitor Facebook developers and their compliance to the privacy policy.
Bounty Hunter Successfully Tracked Down a Phone
AT&T, Sprint, and T-Mobile sell access to customers’ location data. As an experiment, Joseph Cox paid a bounty hunter to locate a phone, and it worked.
The bounty hunter did this all without deploying a hacking tool or having any previous knowledge of the phone’s whereabouts. Instead, the tracking tool relies on real-time location data sold to bounty hunters that ultimately originated from the telcos themselves, including T-Mobile, AT&T, and Sprint, a Motherboard investigation has found. These surveillance capabilities are sometimes sold through word-of-mouth networks.
The technology apparently works on all mobile networks, but there was some issue with Verizon. Shady practices like this are why we need an American GDPR, as well as a better FCC.
Apple's Public Billboard at CES: 'What Happens on Your iPhone, Stays on Your iPhone'
I heart this so much. There aren’t enough emojis in the world to describe how much I love Apple’s giant message to CES: “What happens on your iPhone, stays on your iPhone.” It’s on a massive outdoor sign hanging on the side of a ::checks notes:: Marriott…wait, is Apple trolling Marriott, too? Fitting, if so. Whatever, the target is ostensibly Google, Facebook, Amazon, Android, and the myriad of companies whose customers are the product. And that message is being delivered to CES in Las Vegas, a show Apple doesn’t bother to attend. Chris Velazco of Engadget tweeted the first image I could find (below), and Mashable‘s Adam Rosenberg pitched it as, “Apple spent money to publicly troll everyone else’s privacy issues at CES.” Again with the feels, Apple. Thanks for brightening my day.
Apple never shows up at CES, so I can’t say I saw this coming. pic.twitter.com/8jjiBSEu7z
— Chris Velazco (@chrisvelazco) January 4, 2019
Browser Fingerprinting? DuckDuckGo says DuckDuckNo!
In a Whonix forum a person alleged that DuckDuckGo was using browser fingerprinting techniques to track people. The search engine denies the claim however.
“Fingerprinting-detection libraries unfortunately create false positives because they don’t anticipate good actors using some browser APIs for non-nefarious purposes for which they were designed. We know this not only because we’re falsely identified here (and have been elsewhere) but because we are building this type of detection into our mobile app and browser extension and don’t similarly want to make false claims.”
DuckDuckGo CEO Gabe Weinberg said an API they use to determine the size of the browser might be triggering the fingerprinting flag.
Package Tracker 'Parcels' Adds Your Device to a Botnet
Popular package tracking app Parcels adds your device to a botnet, possibly by trying to avoid rate limiting when it comes to API usage.
Apple's International Privacy Trade-Offs
LONDON – Apple has for a long time proudly flaunted its pro-privacy values. It, quite fairly, highlights how its products are aligned with these values, especially when compared to its competitors. However, this is coming under increasing strain. According to a Techcrunch report, European customers, in particular, are beginning to question whether Apple is still putting its money where its mouth is when it comes to privacy. Deals with Google and its ongoing presence in China, are leaving Apple walking something of a tightrope.
Far from Apple’s troubles in emerging markets and China, the company is attracting the ire of what should really be a core supporter demographic naturally aligned with the pro-privacy stance CEO Tim Cook has made into his public soapbox in recent years — but which is instead crying foul over perceived hypocrisy. The problem for this subset of otherwise loyal European iPhone users is that Apple isn’t offering enough privacy.
Manage iPhone Privacy With This iMore Guide
Rene Ritchie put together a good iMore guide to manage your online information and privacy settings.
Now, just to be clear, these aren’t security tips. I’ll cover those in another column. These are privacy tips. They’re ways to make sure people and companies learn as little as possible about you, while you still get the most you can from them. Cool?
It’s a good guide and everyone should read it. It’s full of tips to manage privacy settings on iPhone and online accounts. While you’re at it, check out my guide where I include privacy apps I’ve used.
Weather Channel Accused of Mining User Data
The Los Angeles city attorney has filed a lawsuit saying that the Weather Channel collects user data for commercial purposes, not just to provide local forecasts.
The government said the Weather Company, the business behind the app, unfairly manipulated users into turning on location tracking by implying that the information would be used only to localize weather reports. Yet the company, which is owned by IBM, also used the data for unrelated commercial purposes, like targeted marketing and analysis for hedge funds, according to the lawsuit.
The New York Times uses the word “covert” in its headline. It’s not that covert though. The Weather Channel has a How is My Data Used page. I’m not defending them but people really need to start reading privacy policies and service terms. Although using dark patterns to obfuscate this is wrong.