Category Archives: Privacy

Facebook is in More Hot Water

Glad I am not Mark Zuckerberg.

Well, maybe.  I think I would like to have his bank account 🙂

Facebook is making some efforts to rehabilitate its image within the fundamental constraint that it is selling your data for a living.  While pretending that it is all for your benefit.

As part of this rehab effort, Facebook is reviewing tens of thousands (or more) of apps to find ones that are misusing data.

So far, they have “suspended” about 200 apps.

One app, myPersonality, has likely misused large amounts of data on millions of users over the last 3-4 years.  It, too, is now suspended.

To quote someone (there is a debate as to who) :  With Great Power Comes Great Responsibility.

This may be a defining moment for Facebook.

So what should you do?

The greatest power is the power wielded by the Internet user.  Facebook can only collect information that you provide it. Same for Google.  Sometimes the information is provided willingly.  Other times it is much less obvious, like when Google collects information about what web pages you visit and for how long.

Hopefully, for most people, it is becoming painfully obvious that YOU are the product.

So be careful about what apps you install, what data you provide and to whom.  Or not.  But, if not, understand the implications.  

One thing you should assume.  If you provide information to an app or a public web site, it could become public.   If that is a problem, don’t provide the information.

Information for this post came from The Register.


Google to Add GMail Features – Maybe – For A Fee?

Google has an interesting strategy.  Build prototypes of products.  Show them or leak them.  See if anyone cares.   Kill them if it doesn’t work out, even after many users are already using them – there are lots of examples.

One other thing that they do is attempt to lock users into the Google ecosystem.  Of course.

TechCrunch is reporting that Google is working on a self-destructing email (like Snapchat for email?).  But it only works if both users are on GMail and only if both users use the web client for GMail.  Sounds a bit limiting.  If one user is not using the GMail web client, they get a link instead that takes them to the web.

They may also be adding a feature to stop printing and stop forwarding.

Again, if they do, it will only work for GMail on both ends and only with the GMail web client.

Information for this post came from The Register.

So what does this mean?

Well first, what seems to be missing is end to end encryption, which seems like a pretty important feature.  

But encryption stops them from reading your email and doing things that they like to do.  They don’t read your emails to target ads – they have better ways to target ads – but they do read them for other features.

Next, the speculation is that this will only be available under the paid GMail model (GMail for business).  The paid version costs either $10 or $25 a month per user.  At that price there are competitors.

As of last year, Google said that they had 3 million paying users.  Microsoft says that they have 60 million paying Office 365 users and adding 50,000 customers (not mailboxes) a month.  Google never wants to play second fiddle.

It is certainly possible that they will give it away for free, but given that they are so far behind Microsoft, maybe not.  With GDPR taking effect in the European Union next month and other countries, not including the U.S., following the EU lead, ad revenue might be less predictable going forward.  Millions of monthly paying customers might be nice.

If you are looking for a free answer for secure email, ProtonMail is a good choice.  They also have a paid version with more features, but the free version is pretty good.

Office 365 has nice security features at well below $25 a month.  Microsoft has said that they are about to roll out end to end encryption for all paid Office 365 users at all levels.

The bottom line is that if you are looking for a secure email solution there are some decisions to make.  To me, Google’s solution is not so great.

 


Facebook Caught Mining User Data Again

This time, the data that Facebook is mining is your call data and your text message data.  But there is a difference.  In this case, Facebook says that it asked permission when you installed Messenger or Facebook Lite.  However, the default was to collect the data and it was not very clear to users that the data was being collected.

They have been doing this with both Android and iPhone users.

If you download your Facebook data (to download your data, go to http://www.facebook.com/settings  and click on the tiny little link at the bottom that says download a copy of my Facebook data), you can see what data Facebook has.

Roughly a year ago, Facebook made it more obvious that they were collecting the data when you install the app.

Facebook says that they never sell this data (probably true) and its purpose is to let friends find each other on Facebook and help them create a better experience for everyone (more doubtful).

OK; let’s say you are a FB Messenger user, what can you do?

1.  Check if your contacts are being synced with Facebook.  The instructions are different between iPhone and Android users, but the instructions can be found at https://www.facebook.com/mobile/messenger/contacts/ .

2. You can turn off syncing contacts by following the instructions at https://www.facebook.com/help/838237596230667 .  Again, the instructions are different between the iPhone and Android.

3. You can delete your call history from Messenger also.  Instructions can be found at https://www.facebook.com/help/messenger-app/870177389760756?helpref=hc_fnav .

Suffice it to say, Facebook is going to try real hard to capture the data.  After all, the name of the game for them is to harvest your data to increase your use and dependence on Facebook and to use that data to sell you stuff.

However, you can disable it.  Just not easily.

 

Information for this post came from Ars Technica.


NBC Reports Seven States Election Data Hacked

NBC is reporting that the Intelligence Community developed substantial evidence that Russian-financed attackers compromised the voter registration systems or web sites of seven states to different degrees.

Up until this time DHS has been completely mum about this, saying absolutely nothing.

But now NBC is reporting that the seven states are Alaska, Arizona, California, Florida, Illinois, Texas and Wisconsin.

The officials say that the systems were compromised in different ways and to different degrees.

Those state and federal officials that spoke to NBC claimed that no votes were changed and no voters taken off the voter rolls. They did not, however, provide any evidence to support those claims, so I guess we should trust them.  After all, why would they lie?

After NBC broadcast the story, the Homeland Security acting spin doctor Tyler Houlton said the reporting is not accurate and is actively undermining efforts of the Department of Homeland Security to work in close partnership with state and local governments to protect the nation’s election systems from foreign actors.  He did not say what about it was inaccurate.   Did he mean that there were only 6 states?  Or that there were 9 states?  We don’t know.

He also said, via Twitter, that DHS has no intelligence that corroborates NBC’s reporting.

Today, Michael Daniel, top cyber security official at the end of the Obama administration, basically corroborated the NBC reports.

Perhaps DHS is telling the truth.  As the states have complained for a year now, DHS is not sharing any information with them.  Maybe the intelligence community is not sharing information with DHS.  If that is the case, both NBC and DHS could be telling the truth.

Regarding the statement that reporting is undermining the efforts to keep us safe, I have a couple of thoughts.

First, it may be useful to not telegraph how much we know to the Ruskies.  Up until now, the only state that we knew had been hacked was Illinois.  Now they know that we know that there are at least seven states.  They can compare this to the list of states that they did hack and say, maybe, “wow, we got away undetected 50% of the time”.

But from a different standpoint, don’t the American people deserve to know the extent of Russian meddling in our elections?

For those of you who are cynical, you may draw a correlation between the current administration’s repeated efforts to “believe” Putin and disbelieve our own intelligence community and an effort by DHS to withhold information on the degree of Russian hacking.

Is this related, also, to the fact that until last week (when they appointed a committee to look into it) the Justice Department was not doing anything at all to deal with the Russian hacking?

And, is this related to the comment that soon-to-retire Admiral Mike Rogers, head of the NSA and of Cyber Command, made before Congress that the White House has not asked them to do anything to stop Russian election hacking?

I don’t know the answer, so you are going to have to draw your own conclusions.  However, given the amount of smoke around this subject, there likely is a really, really, big fire.

Information for this post came from NBC News.

 


The UN-VPN

Why do people usually use a VPN connection over the Internet?  Usually it is for added security and privacy.  What if a VPN offered security, but even less privacy than without it – would you use it?

Well some people are and probably do not even know it.

In 2013 Facebook bought an Israeli company, Onavo.  Onavo bills itself as a data analytics company – which makes it perfectly clear why Facebook would purchase it.

But where do they get the data that they want to analyze?

Well that’s easy.  They also make a VPN software product – a virtual private network – that creates a secure tunnel for you to send your Internet traffic over.

However, unlike reputable VPNs, which work very hard to collect as little data about you as possible, hence aiding your privacy, Onavo collects as much data as possible about you – to aid Facebook’s mission of shoving more ads down your digital throat.

According to a Wikipedia article, Facebook is also using Onavo to internally monitor competitors, influence acquisitions and make other business decisions.

If you have the Facebook iPhone app installed and you click on the menu item for Protect, it will direct you to download Onavo.

It also has an Android app available in the Google Play store.

Facebook says that by collecting as much data as possible about your use of the Internet they can protect you better.  Hmmm, interesting thought.  Other companies seem to do that without having to track what sites you visit.

Many anti-virus products have a browser plugin that looks at the site you want to visit and checks whether it is malicious.  They don’t need to store the history of what sites you have visited, nor do they need to associate those sites with your advertising ID, in order to tell if the site is malicious.

Unlike most VPN products that only run when you ask them to run, Onavo tries to stay in your browsing stream all the time.  After all, it cannot collect data on your browsing habits if it is not running.

Onavo says that it may retain your data for as long as you have an account.  Or beyond.  I somehow don’t think that is required to protect you either.

So, if you are looking for more targeted Facebook ads (and ads on those other web sites that use the Facebook ad platform), this is the software for you.

If you are looking for privacy, I am thinking there are probably better alternatives.

Information for this post came from Wired.

 

 

 


CLOUD Act Bill Addresses Thorny Issue of Overseas Data Subpoenas

Microsoft has been fighting with the Justice Department for years over some data Justice wants that Microsoft says is stored in Ireland.

Justice says Microsoft can bring it back to the US and then they can subpoena it.  Microsoft says doing that will break EU laws.  The argument goes on.  The current status is that Microsoft won on appeal but it is now going to the US Supreme Court.

The CLOUD (Clarifying Lawful Overseas Use of Data) Act was introduced in the Senate this week.  If it passes, it will modify the Stored Communications Act and will require US companies to turn over emails or other information in the provider’s care, control or custody, even if it is stored outside the US.  OK, that part is clear.

Here is where it gets a bit muddy.

It also allows for the vendor to ask for the subpoena to be quashed if it believes the customer is not a US citizen and  if disclosure provides a material risk that the firm would violate the laws of another country.

Given that caveat, will anything change?  Well, I guess, if US citizens are storing data overseas under the control of a US company in an effort to keep it out of the reach of the Feds, then they aren’t very bright anyway and the Feds can compel the provider to turn over the data, even if it is stored outside the US.

The bill also provides mechanisms to notify foreign governments when a legal request involves one of their citizens and provides a way to initiate a legal challenge to the request.

That may help improve things if the mechanism is better than what we have today. There is a mechanism but it is not very speedy.

The bill also will help foreign governments obtain data held in the US by allowing the US government to sign bilateral data sovereignty agreements for cross border digital evidence.  Which countries would be warm to such an idea is not clear.  And it has provisions, such as requiring that the other country have robust privacy standards.  Other countries might not think WE have very robust privacy standards.

If such an agreement is reached, the other country has to remove any impediments to US government data requests.

The US is in discussions with the UK over such an agreement right now.  This is not a big surprise given the UK’s recent passing of the new Snooper’s Charter which allows for widespread surveillance and data collection, much like our Patriot Act.

Still, it is not clear what its chances of passage are, and unless other countries sign up for this bilateral agreement, not much will change.

What is clear is that some countries – and maybe the ones we are most interested in – like China, Russia, North Korea, Ukraine, Venezuela and others – will not agree to anything with us.

Still, it is interesting and we will see what happens to this bill in the coming months.

Information for this post came from The Register.
