Browser Favicons Can be Used to Track You Online

Software designer Jonas Strehle discovered that browser favicons can be used to give you a unique ID that can be used to track you across the web. It works even if you use privacy tools like a VPN, incognito browsing, deleting cookies/browser cache, and others.

To be clear, this is a proof-of-concept and not something that Strehle has found out in the wild. Strehle’s supercookie program (which uses a Cookie Monster favicon) is a proof of the concept described by the university researchers.

Android Could Mimic iOS 14 App Tracking Transparency

A report from Mark Gurman suggests that Google could add the App Tracking Transparency privacy feature to Android. But it wouldn’t be as private since Google is ultimately an advertising company.

A Google solution is likely to be less strict and won’t require a prompt to opt in to data tracking like Apple’s, the people said […] To keep advertisers happy while improving privacy, the discussions around Google’s Android solution indicate that it could be similar to its planned Chrome web browser changes.

In other words, why even bother?

‘SimpleLogin’ is an Open Source Alternative to Sign in With Apple

Sign In with Apple lets you create accounts with your Apple ID for apps that support it. Its “Hide My Email” feature protects your email by forwarding emails to your actual email. SimpleLogin does the same; it lets you create random email aliases that forward emails to your true email address. This open source alternative to Sign In with Apple helps you keep your email safe from newsletters, websites, and more. It’s free to download and use and there is an optional subscription for advanced features like custom domains, unlimited aliases, or a catch-all alias.

New Facebook Message Warns You of iOS 14 Ad Opt-In

In response to an iOS 14 feature that makes developers ask user consent to use their data, Facebook wants to remind people just how beleaguered it really is.

In the post, Facebook says that if users accept the prompts for Facebook and Instagram, the ads you see on those apps won’t change. “If you decline, you will still see ads, but they will be less relevant to you.” The tech giant notes that Apple has said that providing education about its new privacy changes is allowed.

To me, the most offensive part about this isn’t Facebook pretending to care about “businesses other than itself that rely on ads to reach products customers.” It’s how it says “This won’t give us access to new types of information.”

Data Privacy Day 2021: Tresorit Responds to Encryption Backdoors

For Data Privacy Day 2021, companies with private products like Tresorit, ProtonMail, Threema, and Tutanota, have issued a joint statement about proposed laws about backdoored encryption.

[…] encryption is an absolute, data is either encrypted or it isn’t, users have privacy or they don’t. The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizens’ home and might begin a slippery slope towards greater violations of personal privacy.

Google Still Doesn’t Have iOS 14 Privacy Labels

I’ve been hesitant to keep sharing these stories. At the time this news first appeared I was skeptical, saying that we just got over the holidays so give Google a break. But as the days turn into weeks, this is when it does start to look damning and now it’s time to give Google some heat.

On January 5, Google told TechCrunch that the data would be added to its iOS apps “this week or the next week,” but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps.

Even Facebook Submitted Privacy Labels. How Bad Could Google’s Be?

The last update for Google’s iOS apps was on December 7, one day before App Store privacy labels went into effect. Is Google delaying the inevitable?

As for why Google might be trying to delay revealing its privacy label information, it’s possible the company saw all the bad press Facebook got when the social media giant was forced to reveal all the ways its apps track users, and the press and social media reactions spooked the company. Facebook Messenger’s privacy labels are horrifyingly long, for example.

For this one I’m going with a modified version of Hanlon’s Razor: “Never attribute to malice that which is adequately explained by the holidays.” I haven’t gotten updates for a bunch of other apps, either.

Apple, Google, Microsoft, Mozilla Take on Kazakhstan Government

Apple, Google, Microsoft, and Mozilla are teaming up to ban a root certificate used by the Kazakhstan government to decrypt HTTPS traffic for residents in the country’s capital, the city of Nur-Sultan.

Kazakh officials justified their actions claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies.

The government’s explanation did, however, make zero technical sense, as certificates can’t prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers.

Facebook Warns of iOS 14 Privacy With App Banners

Facebook’s latest move is to display banners in its business apps saying there will be an impact to marketing efforts. In this case, the “users” that Mr. Espósito refers to in his article are the actual users—the advertisers. This banner is seen in Facebook Business Suite and Facebook Ads.  The problem with Facebook’s argument though is that, like Tim Cook tweeted, they can still track you across all the apps like before. What angers Mark Zuckerberg is user consent (sorry, product consent, products being the people that use Facebook).

The fact that Facebook is now showing these messages in its iOS apps criticizing Apple demonstrates that the company is trying to get popular appeal to change Apple’s mind about its new App Store privacy rules.

Private Messenger ‘Signal’ Adds Encrypted Group Video Calls

Good news for users of Signal. The app now supports group video calls, and they are end-to-end encrypted like the rest of the app’s communications.

Now when you open a group chat in Signal, you’ll see a video call button at the top. When you start a call, the group will receive a notification letting them know a call has started.

When you start or join a group call, Signal will display the participants in a grid view. You can also swipe up to switch to a view that automatically focuses the screen on who is speaking, and it will update in real time as the active speaker changes.

WIN an iPhone 16 Pro Max!