Posts Tagged ‘#emails’

Why some privacy experts are spooked by iPhone X’s facial recognition feature

November 2, 2017

SAN FRANCISCO — Apple Inc. won accolades from privacy experts in September for assuring that facial data used to unlock its new iPhone X would be securely stored on the phone itself.

But Apple’s privacy promises do not extend to the thousands of app developers who will gain access to facial data in order to build entertainment features for iPhone X customers, such as pinning a three-dimensional mask to their face for a selfie or letting a video game character mirror the player’s real-world facial expressions.

Apple allows developers to take certain facial data off the phone as long as they agree to seek customer permission and not sell the data to third parties, among other terms in a contract seen by Reuters.
App makers who want to use the new camera on the iPhone X can capture a rough map of a user’s face and a stream of more than 50 kinds of facial expressions. This data, which can be removed from the phone and stored on a developer’s own servers, can help monitor how often users blink, smile or even raise an eyebrow.

That remote storage raises questions about how effectively Apple can enforce its privacy rules, according to privacy groups such as the American Civil Liberties Union and the Center for Democracy and Technology. Apple maintains that its enforcement tools – which include pre-publication reviews, audits of apps and the threat of kicking developers off its lucrative App Store – are effective.

The data available to developers cannot unlock a phone; that process relies on a mathematical representation of the face rather than a visual map of it, according to documentation about the face unlock system that Apple released to security researchers.

But the relative ease with which developers can whisk away face data to remote servers leaves Apple sending conflicting messages: Face data is highly private when used for authentication, but it is shareable – with the user’s permission – when used to build app features.
“The privacy issues around the use of very sophisticated facial recognition technology for unlocking the phone have been overblown,” said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. “The real privacy issues have to do with the access by third-party developers.”

The use of face recognition is becoming ubiquitous on everything from social networks to city streets with surveillance cameras. Berlin law enforcement officials in August installed a facial recognition system at the city’s main railway station to test new technology for catching criminals and terrorists.

But privacy concerns loom large. In Illinois, Facebook Inc faces a lawsuit over whether its photo tagging suggestions violated a state law that bars the collection of biometric data without permission. Facebook says it has always been clear with users that it can be turned off and the data for it deleted.

Privacy experts say their concerns about iPhone X are not about government snooping, since huge troves of facial photographs already exist on social media and even in state motor vehicle departments. The issue is more about unscrupulous marketers eager to track users’ facial expressions in response to advertisements or content, despite Apple’s contractual rules against doing so.

App makers must “obtain clear and conspicuous consent” from users before collecting or storing face data, and can only do so for a legitimate feature of an app, according to the relevant portions of Apple’s developer agreement that Apple provided to Reuters.
Apple’s iOS operating system also asks users to grant permission for an app to access any of the phone’s cameras.

Apple forbids developers from using the face data for advertising or marketing, and from selling it to data brokers or analytics firms that might use it for those purposes. The company also bans the creation of user profiles that could be used to identify anonymous users, according to its developer agreement.

“The bottom line is, Apple is trying to make this a user experience addition to the iPhone X, and not an advertising addition,” said Clare Garvie, an associate with the Center on Privacy & Technology at Georgetown University Law Center in Washington.

ENFORCEMENT IN QUESTION

Though they praised Apple’s policies on face data, privacy experts worry about the potential inability to control what app developers do with face data once it leaves the iPhone X, and whether the tech company’s disclosure policies adequately alert customers.
The company has had high-profile mishaps enforcing its own rules in the past, such as the 2012 controversy around Path, a social networking app that was found to be saving users’ contact lists to its servers, a violation of Apple’s rules.

One app developer told Reuters that Apple’s non-negotiable developer agreement is long and complex and rarely read in detail, just as most consumers do not know the details of what they agree to when they allow access to personal data.

Apple’s main enforcement mechanism is the threat to kick apps out of the App Store, though the company in 2011 told the U.S. Congress that it had never punished an app in that way for sharing user information with third parties without permission.

Apple’s other line of defense against privacy abuse is the review that all apps undergo before they hit the App Store. But the company does not review the source code of all apps, instead relying on random spot checks or complaints, according to 2011 Congressional testimony from Bud Tribble, one of the company’s “privacy czars.”

With the iPhone X, the primary danger is that advertisers will find it irresistible to gauge how consumers react to products or to build tracking profiles of them, even though Apple explicitly bans such activity. “Apple does have a pretty good historical track record of holding developers accountable who violate their agreements, but they have to catch them first – and sometimes that’s the hard part,” the ACLU’s Stanley said. “It means household names probably won’t exploit this, but there’s still a lot of room for bottom feeders.”

Snowden’s email service of choice, Lavabit, lives again

January 25, 2017

Lavabit is back. Wait, what’s Lavabit?

It’s an encrypted email service most famous for its connection to Edward Snowden, the former NSA contractor who leaked classified documents to journalists in 2013. Lavabit shut down rather than comply with an order to allow the US government access to user emails in a bid to see Snowden’s communications.

The service relaunched Friday, also Inauguration Day, with a revamped approach to security.

“Regardless of one’s political disposition, today we acknowledge our shared values of Freedom, Justice, and Liberty as secured by our Constitution,” wrote company founder Ladar Levison on the Lavabit homepage. “This is the reason why I’ve chosen today to relaunch Lavabit.”

The email service comes with a variety of options that give users say over their data, but at its foundation, the idea is to scramble up emails so that only the sender and recipient can read them.

Encrypted email has been around for more than 20 years, but it’s notoriously user unfriendly. Lavabit’s most basic service will be email that’s encrypted automatically, requiring the least amount of technical expertise for users to keep their messages private. This level of service is called “trustful,” because it requires users to trust that Lavabit has this encryption thing under control.

Two other levels of service (“Cautious” and “Paranoid”) put more control in the hands of users, but also require more tech savvy. Lavabit allows users to download the source code for its email server and run their own servers at home.

New users can register now, but will have to wait until later this year to start using their Lavabit accounts. Users whose accounts were suspended can start them up again.

Levison didn’t immediately respond to a request for comment.

FBI probes newly discovered emails tied to Clinton case

October 28, 2016

FBI Director James Comey told lawmakers Friday the bureau is reviewing new emails related to Hillary Clinton’s personal server, a development that shook her campaign 11 days before the election.

The emails being examined are part of an investigation into Anthony Weiner, according to law enforcement sources. Weiner, the disgraced former congressman, recently separated from top Clinton aide Huma Abedin after a sexting incident.
The FBI and the New York Police Department have opened preliminary investigations of allegations that the former New York Democratic congressman exchanged sexually explicit text messages with a purportedly underage girl.
The emails in question were sent or received by Abedin, according to a law enforcement official. There were a “considerable number” of emails being reviewed from at least one device shared by Abedin and Weiner, the official said. A separate official described it as thousands of pages.
The FBI is looking at whether any of the newly discovered emails will have an impact on the investigation into Clinton’s server that was closed earlier this year.
After recommending in July that the Department of Justice not press charges against the former secretary of state, Comey said in a letter to eight congressional committee chairmen Friday that investigators are examining newly discovered emails that “appear to be pertinent” to the email probe.

“In connection with an unrelated case, the FBI has learned of the existence of emails that appear pertinent to the investigation,” Comey wrote the chairmen. “I am writing to inform you that the investigative team briefed me on this yesterday, and I agreed that the FBI should take appropriate investigative steps designed to allow investigators to review these emails to determine whether they contain classified information, as well as to assess their importance to our investigation.”
Comey said he was not sure how long the additional review would take and said the FBI “cannot yet assess whether or not this material may be significant.”
Clinton campaign chairman John Podesta pressed Comey to release more information about the emails.
“FBI Director Comey should immediately provide the American public more information than is contained in the letter he sent to eight Republican committee chairmen,” Podesta said. “Already, we have seen characterizations that the FBI is ‘reopening’ an investigation but Comey’s words do not match that characterization. Director Comey’s letter refers to emails that have come to light in an unrelated case, but we have no idea what those emails are and the Director himself notes they may not even be significant. It is extraordinary that we would see something like this just 11 days out from a presidential election.”
Comey felt he had no choice but to tell Congress now or risk being accused of hiding relevant information before the election, law enforcement officials said in explaining the timing. The letter was “carefully worded,” one of the officials said.
The Department of Justice, which followed Comey’s recommendation not to charge Clinton, declined to comment Friday.
Law enforcement sources say the newly discovered emails are not related to WikiLeaks or the Clinton Foundation. They would not describe in further detail the content of the emails. A law enforcement official said the newly discovered emails were found on an electronic device that the FBI didn’t previously have in its possession.
The news is a major development unfolding in the final stretch of the campaign, uniting Republicans and putting the Clinton campaign on defense. GOP nominee Donald Trump and other prominent Republicans, such as Speaker Paul Ryan, jumped on Comey’s announcement to blast Clinton.
Clinton’s campaign learned of the news while they were aboard a flight to Iowa.
“We’re learning about this just like you all are,” a Clinton aide told CNN.
The Democratic nominee has the advantage in the race for the 270 electoral votes needed to capture the presidency. She is leading Trump by six points in CNN’s Poll of Polls. The question now is whether the return of the email storm, which has overshadowed her entire campaign, will have an impact on any remaining undecided voters.
“Hillary Clinton’s corruption is on a scale we’ve never seen before,” Trump said at a rally in Manchester, New Hampshire. “We must not let her take her criminal scheme into the Oval Office.”
Trump’s campaign manager, Kellyanne Conway, tweeted after the news broke, “A great day in our campaign just got even better.”
Ryan said Clinton betrayed Americans’ trust for handling “the nation’s most important secrets.”
“This decision, long overdue, is the result of her reckless use of a private email server, and her refusal to be forthcoming with federal investigators,” Ryan said in a statement. “I renew my call for the Director of National Intelligence to suspend all classified briefings for Secretary Clinton until this matter is fully resolved.”
Despite lashing Clinton’s email practices as “extremely careless,” Comey declined over the summer to recommend prosecution. That move was instantly lambasted by Republicans — some of whom decried the department’s politicization. Comey eventually was called to Capitol Hill to testify and defend the FBI’s integrity and decision process.

When Is It Okay To Mine Hacked Emails?

October 19, 2016

On June 17, 1972, Washington, D.C. police caught five men breaking into the Democratic National Headquarters at the Watergate hotel-apartment-office complex. “The five men had been dressed in business suits and all had worn Playtex surgical gloves,” Bob Woodward and Carl Bernstein described in their famous book. “Police had seized a walkie-talkie, 40 rolls of unexposed film, two 35-millimeter cameras, two lock picks, pen-size tear-gas guns, and bugging devices that apparently were capable of picking up both telephone and room conversations.”

In 2016, Donald Trump did not need to dispatch burglars to loot the Democratic National Committee and use the information to his advantage. He had Gmail, the Russians, WikiLeaks and the New York Times. In the two major document dumps so far, thousands of private emails that were stolen by hackers and provided to Julian Assange’s organization have been published on the internet for the perusal of all.

First came a serverload of mail from the Committee itself; then more recently, on October 8, came a wholesale delivery of the contents of Clinton campaign chairman John Podesta’s inbox. If the US intelligence agency’s conclusions are to be believed, Vladimir Putin and his government did the hacking, apparently in an attempt to tilt the American election. The perpetrators were counting on the US media to feast on this purloined corpus, sucking the meat from the bones of every email.
Feast they did. Since the leak dropped, the Times, the Washington Post and numerous other publications and blogs have been mining the emails for stories. This is perfectly legal. As long as journalists don’t do the stealing themselves, they are solidly allowed to publish what thieves expose, especially if, as in this case, the contents are available to all.

In 1972, journalists helped bring down a president by exposing the theft of political information. In 2016, it’s a presidential campaign urging us to gloss over the source of emails and just report what’s in them, preferably in the most unflattering light. Indeed, it’s not the theft that’s taken center stage, but rather the contents of the emails, as journalists focus on getting maximum mileage by sifting through the loot as if the DNC’s collected ephemera were the Pentagon Papers. And they are not.

Which leads me to wonder: is the exploitation of stolen personal emails a moral act? By diving into this corpus to expose anything unseemly or embarrassing, reporters may be, however unwillingly, participating in a scheme by a foreign power to mess with our election. Still, news is news, and it’s arguably a higher calling than concerns about privacy. (At least that’s what we journalists would argue!) By her refusal to share transcripts of her high-paid speeches to Wall Street firms, Hillary Clinton had already ignited efforts to find out what the heck she said to those fat cats. So it seems, well, seemly, that news organizations would leap at the unfortunate emails in which Podesta and colleagues did the work for journalists by pulling out the most uncomfortable portions of her appearances.

But then came a secondary wave. Taking advantage of WikiLeaks’s easy search function, journalists went deep into the emails. On October 10, the New York Times ran two more stories drawn from the release. One article mined a series of exchanges that suggested tension between the Clinton campaign and the mayor of New York. The other used the emails to document the not-terribly-earthshattering revelation that the Clinton campaign was having difficulty honing its message.

Both stories were inside-politics subjects that, without the juicy immediacy of information never intended to be public, might have been the kind of dry stories that run deep in the paper. But in this case, the stories wrote themselves because the reporters had emails stolen by Russian hackers. I’m guessing that they got better placement in the paper and more attention online because of the easy scoops.

As a “good” journalist, I know that I’m supposed to cheer on the availability of information. Probably every investigative journalist is envious of investigators with subpoena power, and often dreams of acquiring the authority to access private emails. Suddenly having that wish granted must seem like manna from heaven.

Yet the second wave of stories got me wondering. Call me a moral relativist, but if I wrote that first story about the speeches, I would have no misgivings. But if I’d done the second set  —  and I’m not saying I wouldn’t have, had I been on that beat  —  I might be bothered by the unseemliness of picking at a stolen cache of emails. Sometimes journalists have to do uncomfortable things to get at the truth. But it’s difficult to argue that these discoveries were unearthed by reporters for the sake of public good. After all, didn’t we already know that the Clinton campaign had a message problem? In addition, because the Russians weren’t evenhanded enough to give us emails from the Trump campaign, the whole exercise is one-sided.

We’ve been here before. Remember the 2014 Sony hack? Computer rogues allegedly from North Korea (perhaps offended by a Seth Rogen movie) exposed over 170,000 emails of corporate correspondence.

A streak of stories followed the leak, easily tiered by the level of newsworthiness. Evidence that Sony was participating in a hitherto unexposed movie industry initiative against Google seemed like information the public had a right to know. But does that right extend to the disparaging language about President Obama and others that Sony’s then-co-CEO Amy Pascal used in private? Maybe, maybe not. Then there was information that revealed no transgressions, but was pretty juicy stuff. Gossip about what executives thought of various movie stars. Salaries and budgets. Everyday tasks of movie executives doing their jobs. The internal workings of a studio are fascinating, but no one would argue that the public had a right to this information. The press was offered an opportunity to know about it  —  and it grabbed it.

In a fierce op-ed piece, screenwriter Aaron Sorkin argued that journalists cheapened themselves by mining the data in the Sony hack:

“I understand that news outlets routinely use stolen information. . . But there is nothing in these documents remotely rising to the level of public interest of the information found in the Pentagon Papers… As demented and criminal as it is, at least the hackers are doing it for a cause. The press is doing it for a nickel.”

In the wake of the Podesta/DNC hacks, some press critics are revisiting Sorkin’s arguments. In a salient Tweet stream, sociologist Zeynep Tufekci complains that members of the press are “unable to take their eyes off the bright candy that fell from the piñata.” On the other hand, Glenn Greenwald vociferously defends journalists who dig into the emails, regardless of what details they unearth.

For someone who has been such a strong voice about government violations of email privacy, I would have assumed that Greenwald would express some outrage that a powerful government might have stolen personal emails to promote its agenda. Instead, he argues essentially that powerful people have less of a claim on privacy. Greenwald also reasons that, by exposing the inner workings of a campaign, the WikiLeaks dump sheds light on the way that major parties generally conduct campaigns, allowing us to examine the failings of “business as usual.” This resonates with me like a tuning fork—but hey, I’m a journalist. Still, it would be so much nicer if some disgruntled colleague of Podesta’s was providing information to reporters, rather than Vladimir Putin using them as stooges to undermine our democracy. Most disturbing, the message to those contemplating future electoral mischief by hacking an opponent is: Go ahead, it really works!

So what should journalists do when presented with hacked personal emails, especially since this situation may become the new normal? To be honest, I don’t know the answer to that question. That’s why I’m opening the floor to all of you Backchannel readers. What are journalists to do when WikiLeaks or anyone else dumps stolen private emails into open channels? Should there be guidelines to follow, or is it moral to amplify anything that’s already exposed on the internet, even if the exposers are lawbreakers with an agenda? Does anyone else feel uncomfortable that the dirty work of Russian hackers is being cheerfully mined for gossipy inside-politics accounts?

Privacy Debate Flares With Report About Yahoo Scanning Emails

October 7, 2016

By ROBERT MCMILLAN and DAMIAN PALETTA
Updated Oct. 5, 2016 3:21 p.m. ET
Big technology companies, including Google, Microsoft Corp., Twitter Inc. and Facebook Inc., denied scanning incoming user emails on behalf of the U.S. government, following a report that Yahoo Inc. had built such a system.

Reuters reported Tuesday that Yahoo had built a software system last year to scan all incoming email for specific information provided by intelligence officials, in compliance with a classified U.S. government directive.

The system was built without the knowledge of Yahoo’s security team, and its discovery prompted the departure of Yahoo’s then-Chief Information Security Officer Alex Stamos, Reuters reported. Mr. Stamos declined to comment.
It is unclear whether Yahoo ever provided the government with information gleaned from the system.

In a statement Tuesday, Yahoo said it “is a law abiding company, and complies with the laws of the United States.” On Wednesday, Yahoo issued a second statement, describing the Reuters article as “misleading” and saying the mail scanning system “does not exist.”

According to Reuters, the Yahoo system contained a flaw that could have allowed hackers to access email messages.

The Reuters account suggested the surveillance program differed from those revealed by former National Security Agency contractor Edward Snowden in 2013. In those programs, the government gained access to messages involving specific targets. But the Yahoo tool reportedly examined all incoming email.
The report sparked criticism from some lawmakers and privacy advocates.

“The NSA has said that it only targets individuals…by searching for email addresses and similar identifiers,” said Sen. Ron Wyden (D., Ore.), a member of the Senate Intelligence Committee, in an emailed statement. “If that has changed, the executive branch has an obligation to notify the public.”

Patrick Toomey, a staff attorney with the American Civil Liberties Union, said “We have never heard or seen an order requiring an email provider to do something like this.”

In a statement, Richard Kolko, a spokesman for the Office of the Director of National Intelligence, said intelligence gathering is overseen by the Foreign Intelligence Surveillance Act, and any activity is “narrowly focused on specific foreign intelligence targets and does not involve bulk collection or use generic key words or phrases.” The statement also said the U.S. only looks at electronic communication for national-security purposes “and not for the purpose of indiscriminately reviewing the emails or phone calls of ordinary people.”

Representatives from the NSA and the White House declined to comment.

Other messaging providers reached Tuesday said they hadn’t built similar tools. “We’ve never received such a request, but if we did, our response would be simple: ‘no way,’” a Google spokesman said via email. Google is a division of Alphabet Inc.

“We have never engaged in the secret scanning of email traffic like what has been reported today about Yahoo,” a Microsoft spokesman said via email. Microsoft didn’t respond to questions about whether it had received such a request from the federal government.

Twitter, Apple Inc. and Facebook said they hadn’t received requests, and said they would oppose any.

Over the past year, the federal government has found itself at odds with some Silicon Valley companies such as Apple and Facebook as they have developed so-called end-to-end messaging encryption systems that would prevent them from being able to monitor their users’ communications.

In March, the Federal Bureau of Investigation dropped a legal effort to compel Apple to circumvent the encryption protections of its iPhone to investigate the Dec. 2, 2015, terror attack in San Bernardino, Calif.

Yahoo last year pledged to introduce end-to-end encryption on email. But it is unclear whether the company ever followed through. A Yahoo spokesman didn’t immediately respond to a request for comment on encryption.
