Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#app’

11

MoviePass CEO Addresses Privacy Concerns, Says App Has Never Monitored Users’ Locations

March 14, 2018

MoviePass CEO Mitch Lowe said he misspoke at a recent industry conference in describing the kinds of data the company tracks on its users — and he emphasized that the startup will always allow customers to opt in to location-based marketing offers in the future.

Last week, MoviePass removed a feature from its iOS app that would have let the company continuously track the location of customers. That came after Lowe’s comments at an entertainment finance conference in L.A. the week prior boasting about the wealth of personal data MoviePass aggregates on customers.

“We get an enormous amount of information,” he said March 2 at Winston Baker’s Entertainment Finance Forum. The MoviePass app tracks users “in your GPS by the phone… so we watch how you drive from home to the movies. We watch where you go afterwards, and so we know the movies you watch. We know all about you. We don’t sell that data. What we do is we use that data to market film.”
In an interview with Variety on Monday, Lowe said he was mistaken about what data the MoviePass app actually collected. “I said something completely inaccurate as far as what we are doing,” he said. “We only locate customers when they use the app.”
He added, “If you get in your car and drive five miles, we don’t know where you are or where you are going.”

The MoviePass app checks the location of a user only on two different occasions, according to Lowe: when they’re checking for a participating theater in their area and when they check in to a theater (to verify their credit card).

MoviePass made the update to the iOS app in consultation with Apple. Previously, the app gave users Apple’s three standard privacy options: never track; track when using the app; and always track. Lowe said the app never activated the “track all the time” capability. “We never used it, and it was confusing to have it there,” Lowe said.

In the future, MoviePass envisions building out “this whole ‘night at the movies,’” to give customers recommendations of what to do before or after seeing a movie — for example, getting a special offer from a nearby restaurant. “When we do that, if we do that, we’ll send a request to each customer to let them opt in or opt out,” Lowe said.

As far as the information MoviePass shares with exhibitors and studios, Lowe said that data is completely anonymized. “There’s never any personal information” shared with partners, he said. “We never reveal any information that will let them know who bought what.”

According to Lowe, about “half a dozen” customers said they canceled their service over the privacy concerns. “It’s not a huge number,” he said.

MoviePass currently has about 2 million subscribers, and Lowe has predicted that it will top 5 million by the end of 2018. But many industry observers are skeptical that MoviePass’ model is sustainable — given that the New York-based startup subsidizes moviegoing at a substantial loss.

The company’s plan has been to generate additional revenue by sharing customer-viewing data it collects in deals with studios, exhibitors and other potential partners.
Meanwhile, the startup has encountered resistance from some theater chains, including AMC Theatres. MoviePass says its service is now accepted at more than 91% of theaters across the U.S.

After initially launching the service starting at $30 per month, MoviePass cut its monthly pricing to $9.95 last summer. Then in February, it introduced a plan that works out to $7.95 per month (for customers who pay $115.35 for one year, which includes a $19.95 processing fee). MoviePass subscribers may see up to one movie per day at participating theaters, with certain restrictions.

According to MoviePass, the company currently buys around 6% of all domestic movie tickets. Lowe predicts it will be buying around 20% of all tickets by the end of this year.

MoviePass sold a majority ownership stake to data firm Helios and Matheson Analytics for $27 million last summer. Other investors in the New York-based company have included Lowe, True Ventures, NALA Investments, WME, and former Facebook chief privacy officer Chris Kelly.

Tags: , ,

main-snowden

Snowden’s new app is a step forward in privacy protection – former MI5 officer

December 27, 2017

Ed Snowden’s new personal security app can be a good tool to protect individual privacy in the technological arms race of those seeking privacy and its invaders, but it also has a flip side, says a former MI5 intelligence officer.
Last week, the president of the Freedom of the Press Foundation, Edward Snowden, presented a “personal security system,” Haven, aimed at helping individuals such as investigative journalists, political and social activists to track “their possessions and physical spaces when they are away from them.”

Haven can turn any Android phone into a surveillance system. Annie Machon, a former MI5 intelligence officer, says this system can be very helpful to “activists, journalists, and whistleblowers,” but also has the danger of being turned into a spying device.

“Most people focus on the tech security these days, but if you’re going into potentially hostile territory – you’re staying in hotels – it is not just your laptop that’s under threat, it is also the holistic physical security you need to think about. So, having something that you can leave in your hotel room, even if you take your laptop with you to check, to see if someone hostile has come into your room, potentially planted a bug or fiddled with your belongings or whatever, I think that could be very useful indeed,” Machon said.

However, she doesn’t exclude that the device may be hijacked as well or used with malignant intentions.

“That can have a good side if there is a domestic abuse going on, for example, and you want to record proof of it and then go to the police. It can have a bad side, because you might feel you’re being stalked by a jealous ex-spouse or spouse. So, there are always pluses and minuses with these new technologies. But just to have this as tool is a step forward,” she said.

Machon said that if one is out doing things that require privacy and security, this is another wonderful tool in the arsenal of our protection, but people should not forget about old-school spy measures while relying on technology.

“This is something that is going to be used in your absence, so it can’t spy on you at the time, because you’re going to be out of whichever room you want to ensure is safe. So if it’s hacked, it’s hacked – and you have to take other measures,” she said.

“And we are all very paranoid about modern tech, but if you were really a high value target, even way back in the 1980s or 1990s, then your telephones could be turned against you, the old tech could be turned against you, just as the new tech was.”

A new app developed by NSA whistleblower Edward Snowden promises to harness the surveillance power of your smartphone. None of the data collected by Haven is sent to outside servers, meaning people remain in full control of their data. It was developed in conjunction with the Guardian Project, a global collective of software developers and activists who create open-source mobile security technology.

“I have no doubt that Edward Snowden knows what he’s doing. He is trying to develop this as open source. He with his background, as NSA whistleblower, will be very aware of the sort of issues that state level activists might be able to deploy. I am sure he will build in a lot of very paranoid technology to keep people safe,” Machon said.

Machon said that there had always been “sort of arms race between what the attackers can do to invade your privacy, and what you can do to try and protect your privacy as a concerned citizen, who requires that basic human right.”

She gave the example of drug cartels in Latin America in the 1980s. “They had so much money – they were effectively running their own mercenary intelligence agencies to take counter surveillance measures. And they did it incredibly well,” she said.

Tags: , ,

screen-shot-2015-02-05-at-3-44-09-pm-100567029-primary-idge-100573576-primary-idge-100574407-large-idge-100650434-primary-idge

Uber to end post-trip tracking of riders as part of privacy push

August 31, 2017

Uber Technologies Inc. is pulling a heavily criticized feature from its app that allowed it to track riders for up to five minutes after a trip, its security chief told Reuters, as the ride-hailing company tries to fix its poor reputation for customer privacy.

The change, which restores users’ ability to share location data only while using the app, is expected to be announced on Tuesday and rolled out to iPhone users starting this week. It comes as Uber tries to recover from a series of crises culminating in the ouster of Chief Executive Travis Kalanick and other top executives.

Dara Khosrowshahi, the CEO of travel-booking company Expedia Inc., is set to become Uber’s new chief executive, sources have told Reuters.

The location-tracking update is unrelated to executive changes, said Joe Sullivan, Uber’s chief security officer, in an interview with Reuters. Sullivan and his team of about 500 have been working to beef up customer privacy at Uber since he joined in 2015.

“We’ve been building through the turmoil and challenges because we already had our mandate,” said Sullivan, who is a
member of the executive leadership team that has been co-running Uber since Kalanick left in June.

Uber must make changes at top to fix culture woes, experts say
uber
An update to the app made last November eliminated the option for users to limit data gathering to only when the app is in use, instead forcing them to choose between letting Uber always collect location data or never collect it. (Gian-Paolo Mendoza/CBC)

An update to the app made last November eliminated the option for users to limit data-gathering to only when the app is
in use, instead forcing them to choose between letting Uber always collect location data or never collect it.

Safety feature

Uber said it needed permission to always gather data in order to track riders for five minutes after a trip was completed, which the company believed could help in ensuring customers’ physical safety. The option to never track required riders to manually enter pickup and drop-off addresses.

But the changes were met with swift criticism by some users and privacy advocates who called them a breach of user trust by a company already under fire for how it collects and uses customers’ data. Uber said it never actually began post-trip tracking for iPhone users and suspended it for Android users.

‘Data is the new oil’: Your personal information is now the world’s most valuable commodity

Privacy experts call on Uber to investigate after man gets nearly $1000 bogus bill
Sullivan said Uber made a mistake by asking for more information from users without making clear what value Uber
would offer in return. If Uber decides that tracking a rider’s location for five minutes is valuable in the future, it will seek to explain what the value is and allow customers to opt in to the setting, he said.

Sullivan said Uber was committed to privacy but had previously suffered “a lack of expertise” in the area.

The change comes two weeks after Uber settled a U.S. Federal Trade Commission complaint that the company failed to protect the personal information of drivers and passengers and was deceptive about its efforts to prevent snooping by its employees.

Uber agreed to conduct an audit every two years for the next 20 years to ensure compliance with FTC requirements.

The location-tracking changes will initially only be available to iPhone users, but Uber intends to bring parity to Android devices, Sullivan said.

The changes are part of a series of updates expected in the coming year to improve privacy, security and transparency at Uber, Sullivan said.

Tags: , , ,

whatsapp-encryption-explained

German consumer groups sue WhatsApp over privacy policy changes

January 31, 2017

WhatsApp’s privacy policy change allowing Facebook to target advertising at its users has landed the company in a German court.

The Federation of German Consumer Organizations (VZBZ) has filed suit against WhatsApp in the Berlin regional court, alleging that the company collects and stores data illegally and passes it on to Facebook, the federation said Monday.

Facebook acquired WhatsApp in October 2014, but it wasn’t until August 2016 that WhatsApp said it would modify its privacy policy to allow it to share lists of users’ contacts with Facebook. The move made it possible to match WhatsApp accounts with Facebook ones where users had registered a phone number, giving the parent company more data with which to make new friend suggestions and another way to target advertising.

Of particular concern to VZBZ is the way that WhatsApp transfers numbers from its users’ contacts lists to Facebook — even when those numbers are not WhatsApp users. The federation wants the companies to stop transferring such information, and to delete any already transferred. It is also objecting to eight clauses in WhatsApp’s revised terms of use, including one allowing WhatsApp to provide users with advertising materials from the rest of Facebook without their consent.

The policy changes have also landed WhatsApp in hot water elsewhere.

Within days, privacy campaigners including the Electronic Privacy Information Center and the Center for Digital Democracy complained to the U.S. Federal Trade Commission, accusing the companies of unfair and deceptive trade practices.

The city of Hamburg was first to rule against the companies, ordering Facebook in September to stop collecting data about WhatsApp users and to delete any data it had already gathered.

In October, European Union privacy watchdogs asked the companies to end the data transfers while they investigated whether they needed additional user consent to comply with EU privacy laws.

There’s even concern that the data transfer may have breached antitrust law. In December the European Commission said it was investigating concerns that Facebook had intentionally or negligently submitted incorrect or misleading information to antitrust regulators in the run-up to its acquisition of WhatsApp. Back then, the company told regulators that the phone number matching now being done could not be performed reliably. If the Commission concludes regulators were misled, it could fine the company 1 percent of worldwide revenue.

To comment on this article and other PCWorld content, visit our Facebook page or our Twitter feed.
Related: Social Networking Internet Mobile Security

Tags: , ,

meitu

Meitu, a Viral Anime Makeover App, Has Major Privacy Red Flags

January 20, 2017

MEITU IS A popular app that transforms your selfie into an adorable anime character. You’ve probably already downloaded it. In exchange for the simple pleasure of giving you an absurd makeover, though, it demands sprawling access to your personal data and numerous features of your smartphone, seemingly collecting a bloat of information about you in the process. Wannabe nymphs and sprites everywhere: be warned.

It’s normal for apps to need access to a variety of data and functions on a smartphone so they can run properly and deliver their service. But responsible apps ask for the fewest number of “permissions” possible so they don’t have access to anything they don’t absolutely need. It’s natural, for instance, for Meitu to accesses your camera. But it also has access to users’ GPS location, cell carrier information, Wi-Fi connection data, SIM card information, jailbreak status, and personal identifiers that could be used to track you and your device across the web.

“Many apps collect data, however usually they are well-known company names which we have already trusted our data with,” says Greg Linares, a security researcher at the threat management firm Vectra Networks. Meitu, based in China, is “a foreign company, and they are collecting some very odd data that shouldn’t be looked at necessarily for the application functioning.”

Experts say that the reason for the manifold permissions, seemingly unrelated to its core purpose, are numerous pre-built analytics and ad-tracking packages that weigh Meitu down. “Meitu has a strong partnership with Google Play—including being a part of their prestigious Sand Hill program,” Google’s boutique booster program for companies with viral potential, says a Meitu spokesperson, who also indicated that a more detailed response may be coming. (We’ll update if and when it does.) “[Google]’s provided a lot input and insight to help improve the app experience for different markets around the world.” A preliminary analysis of the Meitu iOS app by Will Strafach, co-founder of the app security firm Verify.ly, found that it collects a variety of personal data, but nothing far outside the norm.

Meitu’s not alone in loading up on hidden adware, of course, and it’s always important to pay attention to the permissions any app requests. Even well-known apps like Pokemon Go can run into problems if people discover that the programs can access too much. But without technical know-how there isn’t always a way to know the extent of an app’s reach. And with a popular app like Meitu it can be impossible to determine a developer’s true motives, though the company’s privacy policy seems to limit exposure to third parties.
“I could spend days analyzing this code,” says iOS security researcher and forensics expert Jonathan Zdziarski, who gave the Meitu app a once-over. “It’s mostly par for the course junk. I didn’t see anything overtly evil, but that doesn’t mean there’s not something more serious in there. The thing [that’s noteworthy] is the number of different analytics and ad tracking packages they’ve loaded into the app. I counted at least half a dozen different packages in there. You don’t generally need that many unless you’re selling data.”

Meitu makes a number of apps and features for different geographic markets, so some of the overreach may have to do with attempting to create interoperability between all of its services. You probably aren’t alarmed that Apple, for example, demands fairly free rein so its services can talk to each other. But free apps merit skepticism. After all, they’re generating revenue somehow. If you can’t figure out the business model, the app could well be collecting and selling some of your personal information to advertising services looking to dole out more and more effective ads.

To protect yourself, Android users should check the list of requested permissions before downloading an app, and can use the operating system’s granular permissions options to control what each app can actually access. Users can also change their minds and revoke permissions they once approved. (Older versions of Android have a bit less flexibility, so update if you can.) In iOS it’s harder to see in the App Store what permissions an app will require, but iOS also offers detailed controls in Settings, and actively prompts users the first time an app attempts to access something, like the microphone, to request opt-in permission.

It’s no fun letting a meme pass you up because you’re worried about privacy, but it’s even worse to have your personal data taken for who knows what without you realizing it. Meitu may not be an outlier in the world of adware-bundled apps, but its popularity provides a useful teachable moment. Like a fantastical anime makeover, free apps often look snazzier on the surface than what’s hiding underneath.

This post has been updated to include analysis from Will Strafach.

Tags: , , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
venmo
What’s Wrong With Your Venmo Account, and How to Fix It
December 4, 2018

ILLUSTRATION: RICHARD BORGE By Katherine Bindley Dec. 4, 2018 9:02 a.m. ET Few social-media e...

Read more
private
Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows
November 12, 2018

Private blockchains, such as interbanking platforms set to share information on customers, could be...

Read more
apple
Apple launches privacy portal, initiatives
October 18, 2018

Apple (NASDAQ:AAPL) launches a new privacy website letting users find personal data the company has ...

Read more
private
Just Don’t Call It Privacy
September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads onl...

Read more
static2.politico.com
Privacy and security: no simple solution, warns Rachel Dixon
September 18, 2018

The tide is turning when it comes to privacy and security, with Australians gradually becoming more ...

Read more