Posts Tagged ‘privacy’

SECURITY NEWS THIS WEEK: MAYBE GO AHEAD AND MAKE YOUR VENMO PRIVATE

July 25, 2018

THIS WEEK STARTED with a controversial, widely derided meeting between President Trump and Russian leader Vladimir Putin, and ended with… an invite for round two! And yes, all manner of craziness managed to happen in between.

That includes yet more denials on Trump’s part that Russia interfered—and continues to—with US democracy, a stance that has serious repercussions, however many times he walks it back. The Putin press conference performance also prompted concern across the aisle, as senators Marco Rubio and Mark Warner cast it as a major setback in efforts to safeguard the election. For what it’s worth, here’s what special counsel Robert Mueller’s been up to lately, and where he’ll likely go next.

The week wasn’t a total Trumpapalooza. RealNetworks offered a new facial recognition tool to schools for free, introducing a host of privacy-related concerns. And a company called Elucd is helping police better gauge how their precincts feel about them by pushing surveys out through apps.

Good news could be found as well! We talked to the Google engineers who built Secure Browsing, a suite of technologies that underpin security for a huge amount of the modern web. We profiled Jonathan Albright, the academic who has shined the brightest spotlight on Russian influence campaigns in the 2016 election and beyond. And we took a look at two tools Amazon has tested that could help its leaky cloud problem.

There’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

Venmo’s Public Defaults Start to Cause Problems
Privacy advocate and designer Hang Do Thi Duc this week brought attention to payment app Venmo’s lack of built-in privacy. Her site, Public by Default, taps into Venmo’s API to show the latest transactions taking place on the platform. In fact, the nearly 208 million public Venmo transactions that took place in 2017 can all be viewed at this URL. But while Public by Default explores the inherent privacy issues with Venmo’s opt-in privacy in largely anonymized fashion, a bot emerged Thursday that tweets the usernames and photos of any users that appear to be buying drugs. Not ideal!

Ideally, Venmo would go ahead and make transactions private by default. But because it’s structured as something of a social network—peeping other people’s emoji transaction descriptions is part of the appeal—that’s unfortunately unlikely. Instead, to better protect yourself, open the app, tap the hamburger menu in the upper left corner, tap Privacy, and select Private. You’re welcome!

The DOJ Will Make Foreign Interference Public
In a departure from current policy, deputy attorney general Rod Rosenstein Thursday said that the government will let American groups and individuals know when they are the subject of an effort to subvert US democracy. The Obama administration notably didn’t do so in 2016, fearing that going public with Russia’s actions would appear politically motivated. It’s unclear exactly how the new policy will play out in practice, given that those sorts of disclosures will require a “high confidence” in attribution—tricky, especially in the digital sphere—and that the DOJ presumably won’t make any disclosures that would threaten ongoing investigations. Still, it would at least presumably prevent the current administration from trying to downplay or cover up any intrusions in the 2018 midterms and 2020 presidential campaigns.

Ransomware Attacks Plague Medical Companies
A pair of high-profile attacks hit sensitive health care targets this week. Ontario-based CarePartners got hit with ransomware that locked out medical histories and contact info for as many as tens of thousands of patients, and apparently credit card numbers and other sensitive information as well. And the same SamSam malware that hobbled Atlanta struck LabCorp, a major lab services provider. Hackers apparently demanded $52,500 to free up the affected machines, but LabCorp appears inclined to simply replace them instead. Either way, it’s a good reminder that ransomware targets hospitals and other health care targets disproportionally, precisely because the stakes are so much higher.

A Robocall Firm Exposed Data of Thousands of US Voters
As if the scourge of robocalls weren’t bad enough already, a company called Robocent left hundreds of thousands of voter records, spread across 2,600 files, exposed on the open web. The data appears to have comprised mostly addresses and demographic information, but if nothing else it’s a reminder that the cloud needs better tools to keep this sort of thing from happening basically every week.

WhatsApp WARNING – Chat app blasted in damning new report on privacy

July 17, 2018

The Electronic Frontier Foundation, EFF, has published its latest annual privacy audit, dubbed Who Has Your Back?

The report, which has been run annually since 2011, analyses the policies and public actions of 26 companies, ranking them based on five categories.

These include “follows industry-wide best practices”, “tells users about government data requests”, “promises not to sell-out users”, “stands up to NSL gag orders”, “pro-user public policy: Reform 702”.

According to the latest Who Has Your Back? report, nine companies earned full marks, including Adobe, Pinterest, Dropbox, Lyft and Uber.

Apple, Google and Microsoft narrowly missed out on the five-star rating.

Microsoft and Google dropped a star in the category “stands up to National Security Letter (NSL) gag orders”.

Twitter, Snap Inc, Airbnb, and Tumblr were each awarded three stars.

However, WhatsApp only managed to score a paltry two stars – one of the lowest marks in the Electronic Frontier Foundation report.

Amazon received the same score.

“We were disappointed that two technology companies fell short of other online services: Amazon and WhatsApp,” the latest Who Has Your Back? report states.

“While both companies have adopted industry-accepted best practices of requiring a warrant for content, publishing law-enforcement guidelines, and publishing a transparency report, and while we applaud both companies for advocating for reforms to over-broad NSA surveillance, these two companies are not acting as leaders in other criteria that we examine.

“They don’t have the strong public policies related to notifying users of government data requests that we have come to expect from tech companies; they don’t publicly promise to request judicial review of NSLs; and they aren’t meeting our criterion about not selling out users.

“We urge both Amazon and WhatsApp to improve their policies in the coming year so they match the standards of other major online services.”

This is not the first time Facebook-owned WhatsApp has been singled out by the Electronic Frontier Foundation.

Back in 2015, WhatsApp failed almost every category in the report – earning a single star out of five. Although the chat app has improved in the last two years, there is clearly still work to be done, according to the categories defined by the EFF.

The latest Who Has Your Back? report also acknowledges the progress made within the technology industry with regard to user protection.

All of the 26 companies evaluated in the EFF report have implemented at least some of the practices highlighted by the Electronic Frontier Foundation.

EFF Senior Staff Attorney Nate Cardozo commented: “The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies — which serve as the pipeline for communications and internet service for millions of Americans — are failing to publicly push back against government overreach.

“Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with.”

SECURITY NEWS THIS WEEK: CARRIERS STOP SELLING LOCATION DATA IN A RARE PRIVACY WIN

June 26, 2018

WHAT’S THAT? A week with nearly as much good news as bad in the world of privacy and security? It’s true! Especially the privacy part.

On Friday, the Supreme Court issued a hotly anticipated ruling in Carpenter v. United States, establishing that the government will need to get a warrant if it wants to track your location with cell sites. Meanwhile in California, it looks like residents might soon benefit from a privacy law that grants unprecedented power—in the US, anyway—over what data companies collect and what they do with it. And while this isn’t privacy related, strictly speaking, Apple’s new partnership with startup RapidSOS will push iPhone owners’ locations to dispatchers during 911 calls, saving first responders valuable minutes and almost certainly saving lives.

It’s not all sunshine and lollipops, of course. The same hacker group that meddled with the PyeongChang Olympics appears to be back, this time swinging at biochem labs in Europe. The hacking threat from China has escalated in step with trade war rhetoric. Pretty much every streaming device is vulnerable to the same type of DNS rebinding attack. Iran’s ban of encrypted messaging app Telegram has had a serious, layered impact on the country’s citizens. And deep fakes will make the already complicated issue of Twitter mob justice even more so.

But wait, there’s more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

The Major Mobile Carriers Stop Selling Location Information
After a public blow-up around the sharing of location data with third parties—and pressure from senator Ron Wyden—all four major US carriers have pledged to stop the practice. The change won’t happen overnight; all of these companies have long-term contracts to unwind. But it’s a rare bit of good privacy news at a time when that has seemed increasingly hard to come by.

Alleged Vault 7 Leaker Indicted
Former CIA employee Joshua Adam Schulte was indicted this week; authorities allege that he was responsible for the devastating Vault 7 leak that revealed many of the agency’s hacking secrets. Schulte had previously been held on child pornography charges. The indictment also alleges that Schulte had surprisingly lax security practices for a CIA vet; he apparently reused a less secure password from his cell phone to protect the encrypted materials on his computer as well. He faces up to 135 years in prison.

VirusTotal Monitor Should Help Keep Apps From Getting Flagged as Malware
In 2012, Google acquired VirusTotal, a site that scans online malware and viruses. This week, it announced a new spinoff product, VirusTotal Monitor, that will help app developers avoid being accidentally flagged as malware. VirusTotal already aggregates what over 70 antivirus vendors consider malware, so devs can now compare their apps against that list for a little peace of mind.

Google Makes It Easier to Check Your Privacy and Security
While not exactly offering you higher levels of security, the new Google Account panel on Android—to be followed later on iOS and desktop—does make it easier to see exactly what your settings are, along with a “privacy checkup” and “security setup” that nudge you toward a more locked-down online experience. It also introduces a search function to make it easier to find whatever specific aspect of your account you want to vet.

Tech Giant Intel Partners With DApp Platform Enigma on Privacy Research

June 21, 2018

Decentralized application (DApp) platform Enigma will partner with Intel on privacy research as it prepares to launch its blockchain testnet, the two companies confirmed June 20.

Enigma, which completed a $45 mln Initial Coin Offering (ICO) in September of last year, said the collaboration would focus on “research and development efforts to advance development of privacy preserving computation technologies.”

The platform aims to provide the first environment for scalable end-to-end DApps using bespoke privacy technology to protect data “while still allowing computation” on top of it.

“Enigma is excited to continue collaborating with Intel to advance our protocol and privacy technologies for public blockchains, as well as expanding and strengthening our working relationship,” the post adds, hinting further partnership details would follow.

Ahead of Intel plugging Enigma’s privacy developments at the Cyber Week 2018 event in Tel Aviv next this week, Rick Echevarria, vice president of the corporation’s software and services group and general manager, platforms security division, appeared likewise upbeat at the prospect of improving that area of blockchain.

“Security is pivotal to our company’s strategy and a fundamental underpinning for all workloads, especially those that are as data-centric as AI and blockchain,” he wrote in a separate post from Intel, continuing:

“We will continue to innovate and make our silicon an active participant in the threat defense lifecycle.”

The move marks a further step in Intel’s blockchain involvement, this already spanning multiple industries, including healthcare, and partnerships, such as with virtual currency hardware firm Ledger.

Apple’s App Store Privacy Crackdown May Hurt Facebook’s Onavo

June 15, 2018

Apple Inc.’s new rules for app developers limit their ability to harvest user contact data, but they also could hurt a key app owned by Facebook Inc. called Onavo Protect.

The iPhone maker’s updated App Store Review Guidelines ban applications that “collect information about which other apps are installed on a user’s device for the purposes of analytics or advertising/marketing.” This could give Apple grounds to remove the Onavo app, although the software is still available despite the rules kicking in last week.

Onavo Protect, when installed on an iPhone or Android device, uses a virtual private network to scan incoming and outgoing internet connectivity. It also gathers information about users’ devices, their location, apps installed on the gadgets and how people use those apps, what websites they visit, and the amount of data used, Facebook wrote in answers to Congressional questions that the social network operator posted online Monday.

Onavo collects data on other apps via networks, rather than through devices. The iPhone maker already blocks apps from getting information from other apps on the device itself via a technology called sandboxing.

Apple’s new guidelines “sound like they’re almost written in response to what Onavo and others have been doing,” said Will Strafach, a researcher who has studied Onavo Protect and focuses on the security of Apple’s iOS mobile operating system. A Facebook spokeswoman declined to comment.

Apple has criticized Facebook this year for privacy missteps, and the iPhone maker recently announced new controls for iPhones, iPads and Macs that will limit how internet companies like Facebook and Google track web browsing.
