
Posts Tagged ‘security’

Privacy Problems Mount for Tech Giants

January 21, 2019

By Sam Schechner
Jan. 21, 2019 6:30 a.m. ET

Big tech companies have taken a public lashing in the past year over their handling of users’ personal information. But many of their biggest privacy battles have yet to be fought—and the results will help determine the fate of some of the world’s largest businesses.

So far, tech giants like Facebook Inc. and Alphabet Inc.’s Google have proved relatively resilient against a growing backlash over possible abuse of their users’ personal privacy. Tech companies’ stocks may have swooned, but advertisers are continuing to cut them checks, and their profits are still growing at double-digit rates that would earn most CEOs a standing ovation.

This year may be stormier. Growing discontent among users over privacy and other issues—such as the widespread feeling that mobile devices and social media are addictive—could damp profit growth, discourage employees or chase away ad dollars. In Europe, regulators are slated to make major rulings about tech companies’ privacy practices, likely setting off high-stakes litigation. In the U.S., revelations about allegedly lax privacy protections are raising political pressure for federal privacy regulation.

At risk are tens of billions of dollars that marketers spend every year in online advertisements targeted at users with the help of personal information about individuals’ web browsing, mobile-app usage, physical location and sometimes other data, like income levels.

The behavior of tech giants is likely to be a major topic at the World Economic Forum this week in Davos, Switzerland. While the yearly meeting of world leaders and company executives normally celebrates how businesses can solve the world’s problems, tech companies were on the defensive last year against complaints that ranged from fomenting political polarization to building artificial intelligence that will displace millions of workers.

Since then, the pressure has increased. Facebook executives have been dragged before legislators on both sides of the Atlantic, after the company said data related to as many as 87 million people may have been improperly shared with Cambridge Analytica, a political analytics firm. And in September, Facebook said hackers had gained access to nearly 50 million accounts.

Google, meanwhile, has faced criticism of its privacy practices from political leaders, including flak after The Wall Street Journal reported that the company had exposed the private data of hundreds of thousands of users of its Google+ social network and opted initially not to disclose it.

Some tech executives have raised alarms, too. Apple Inc. Chief Executive Tim Cook, speaking in October before a privacy conference organized by the European Union, called for tighter regulation in the U.S. along the lines of a strict new privacy law in the EU, saying that some companies had “weaponized” users’ personal information in what he described as a “data-industrial complex.”

Facebook and Google both say that they have been investing heavily in improving how they protect user privacy and that they welcome tighter privacy rules; both companies support passage of a U.S. federal privacy law. Tech-industry lobbyists say they are planning to support U.S. privacy legislation over the coming year, in part to avoid contending with a patchwork of laws like one passed last year in California.

“Our industry strongly supports stronger privacy protections for consumers,” says Josh Kallmer, executive vice president for policy at the Information Technology Industry Council, which represents Facebook, Google and other tech companies. Mr. Kallmer says consumers “benefit incredibly from these technological innovations,” but adds that “alongside that are some very legitimate concerns about how data is being handled.”

What impact will stricter privacy rules have? There are two theories.

One school of thought says that stricter rules and tighter enforcement will benefit big, incumbent companies that already have access to large amounts of user data and can spend more heavily on legal-compliance efforts. The other argues that rules like those in the EU’s new General Data Protection Regulation, if strictly applied, will force significant changes to how the biggest tech companies collect and analyze individuals’ personal information—undercutting their advertising businesses and weakening their advantage over existing or potential new competitors.

“Both are reasonable claims. But it is far too early to tell which will turn out to be true,” says Alessandro Acquisti, a professor at Carnegie Mellon University who studies the behavioral economics of privacy.

At issue, in part, is the distinction between short-term and long-term effects. There are signs that Google, for one, benefited at least initially from the transition to the GDPR in May, in part because advertisers shifted money to the bigger firms, which were able to show they had users’ consent to display targeted ads.

In Europe, Google saw a 0.9% increase in the share of websites that include its advertising trackers two months after the GDPR went into effect compared with two months before, according to Cliqz, which makes antitracking tools for consumers. Facebook’s share declined 6.7%. The share for the other top 50 online-ad businesses fell more than 20%.

The longer-term impact on big firms is harder to predict. One study of nearly 10,000 online display advertising campaigns showed that users’ intent to purchase products was diminished after earlier EU laws restricted advertisers’ ability to collect data in order to target those ad campaigns. But more research is needed to determine what impact tighter rules would have on consumer spending more broadly, Prof. Acquisti says.

How the laws are enforced by regulators and courts will play an important role. Ireland’s Data Protection Commission, which is the EU’s lead regulator for Facebook and Google, is investigating complaints from privacy activists that the consent companies sometimes request for the processing of individuals’ data is a condition of using a service and so is not “freely given,” as the law requires.

In Germany, the federal antitrust enforcer says it will issue early this year a final decision regarding its preliminary finding that Facebook uses its power as the most popular social network in the country to strong-arm users into allowing it to collect data about them from third-party sources. A German decision wouldn’t involve fines, but could include orders to change business practices.

Both Facebook and Google say they comply with privacy laws.

Initial decisions could come this year, but whichever way the watchdogs come down, their actions are likely to end up reviewed in court. Those cases will end up determining how new privacy standards will be applied. And that will determine how profound their impact is.

“There is active litigation in a couple of places that could become hugely important,” Mr. Kallmer says. “It’s uncertainty that our industry thinks it’s on the right side of.”

Mr. Schechner is a Wall Street Journal reporter in Paris. Email sam.schechner@wsj.com.

Apple is portraying itself as the defender of privacy in the tech world, but it’s one slip away from embarrassment

January 10, 2019

Analysis: Apple has continued to ratchet up its criticism of competitors in a bid to differentiate itself as the “most secure” tech company.
The move is a risky one, as Apple is exposed on several fronts to possible privacy and security leaks and breaches, putting it one step removed from a significant reputation dent that could further hurt sales.
Kate Fazzini

CNBC.com
Tim Cook, Chief Executive Officer of Apple Inc., takes a selfie with a customer and her iPhone as he visits the Apple Store in Chicago, Illinois, U.S., March 27, 2018.
John Gress | Reuters
Apple ramped up its efforts this week to differentiate its business on the basis of privacy and security, a risky move given risks to its cloud-based backup service and a challenging privacy environment globally, particularly in China, where the company says it is struggling.

Apple took a high-profile swipe at Google, Amazon and Facebook at this year’s Computer Electronics Show, with a full-building ad touting “What happens on your iPhone, stays on your iPhone.” CEO Tim Cook has criticized competitors for their privacy practices and their willingness to share data with third parties.

Apple is now also reportedly hiring ex-Facebook engineer Sandy Parakilas, who called Facebook a “living, breathing crime scene” because of its misuse by Russian hackers in the 2016 election. (Parakilas is reportedly taking an internal spot as a privacy product manager at Apple, a role not likely to include public-facing statements like these in the future).

For sure, Apple’s core business is different from Facebook’s and Google’s. Apple makes the bulk of its money selling iPhones and other computing devices, and charging consumer subscriptions for things like Apple Music. That means Apple has little reason to compile detailed information about users, and even less incentive to sell that information to third parties. But Facebook and Google make the vast majority of their money from advertising.

But putting such a big stake in privacy as a differentiator may be a risky business move.

First, Apple is just one iCloud breach away from an embarrassing incident that could damage its “what happens on your iPhone, stays on your iPhone” claims.

Scandals in the past years involving major celebrities who have had nude photographs stolen from their iCloud archives have been dangerously close. Apple has said these incidents involved username and password theft, giving criminals access to iCloud files through the celebrities’ password information, not a breached iCloud database.

But iCloud relies on the same cloud-based network architecture most companies rely on, including Amazon Web Services, Google’s cloud platform and Microsoft Azure. No database is impenetrable, and that includes those iCloud uses. A single instance of leaked data or an insider theft could put the company at serious reputational risk.

Third-party applications are also a potential sticking point. From a security point of view, Apple’s app store has stringent safeguards in place that make it more resilient to security issues like application spoofing than competitors such as Google’s Play store.

But independent iPhone apps still have the capacity to misuse data. The company routinely removes applications from the store for providing user information to unauthorized third parties. The New York Times reported earlier this year that numerous free iOS apps track detailed user information and provide it to third parties.

So Apple may also be one data-tracking scandal away from significantly denting the idea that data necessarily “stays on your iPhone.”

Editorial: Privacy Lessons From Google

December 28, 2018

Thursday, December 27, 2018
Congress is eyeing a federal privacy framework for 2019. But what about the laws already on the books? Demands for an investigation into Google’s marketing of children’s apps in its mobile store could offer legislators some lessons.

Comprehensive privacy rules for the United States are necessary precisely because the current rules cover only information or populations deemed especially sensitive. One of those populations is children, and the Children’s Online Protection Privacy Act was passed in 1998 to prohibit sites from collecting their identifying data without parental consent.

But according to a filing to the Federal Trade Commission by 22 children’s and consumer organizations, many apps gather that data anyway — from ID numbers, to addresses, to location, to the photos on a game-player’s smartphone.

Google is not responsible under COPPA for the actions of untrustworthy apps; the apps themselves are the only ones breaking that law. (The tracking of children on YouTube, which is owned by Google, is another question.) But the complainants allege that, by labeling a section of its store child-friendly and then allowing COPPA violators to appear there, Google is misleading consumers.

They want the FTC to step in, and three Democratic senators have joined in the call. Google says it has removed thousands of noncompliant apps in the past year and has already begun removing those listed in last week’s filing.

This debate should be particularly interesting to lawmakers seeking to craft broader regulations for consumer protection. First, there is the question of Google’s role as a gatekeeper, particularly when its own ad platform is integrated with many of the apps in its stores. Making Google and other software companies, such as Apple, liable for all of the content they host would hurt more than help. But the companies’ conflicting interests are an argument for increased oversight of app stores. And companies should be held to account when they are demonstrably negligent in enforcing their standards.

Last week’s complaint also presents an enforcement issue. The FTC has taken some action against developers in the past for sharing children’s information with advertisers, but the problem persists, and at scale: A study in April found that a majority of the popular apps that researchers surveyed were potentially in violation of COPPA. The FTC has been granted the fining and rulemaking authority under COPPA that many legislators presumably would grant it under a federal privacy law. Still, its efforts so far have not been an effective deterrent, and Congress will have to ask why.

COPPA is two decades old, and it requires modernization that ought to occur alongside Congress’ broader privacy efforts next term. But its provisions nonetheless should remind lawmakers of an important reality: How companies are held to account for violating a law is as important as the law itself.

The Washington Post

What’s Wrong With Your Venmo Account, and How to Fix It

December 4, 2018

ILLUSTRATION: RICHARD BORGE

By Katherine Bindley
Dec. 4, 2018 9:02 a.m. ET

Few social-media experiences have made me cringe more than viewing my “friend” list on the peer-to-peer payment app Venmo for the first time. Seeing the names of people I’d been on dates with years ago was jarring. Seeing someone I’d blocked on Facebook was unsettling. Seeing names I didn’t recognize and couldn’t find in my contacts was baffling. But one name horrified me above all others: my former therapist.

I went to her profile, clicked on her friend list and saw another name I recognized, the friend who initially referred me. It hit me that I was scrolling through a list that included a psychologist’s patients.

Venmo does well what it’s supposed to do: let friends exchange money quickly and easily. By default, it posts those transactions in a social-media-style feed—seeing who shared meals and drinks with whom, and which emojis they favor, can make an otherwise boring process mildly entertaining.

Theoretically, Venmo lets users control who sees those posted items. But Venmo has a spotty record on privacy and transparency: In February, the FTC announced a settlement with Venmo’s parent company, PayPal Holdings Inc., after finding Venmo “misled consumers about the extent to which they could control the privacy of their transactions.” PayPal didn’t pay a fine but agreed to make privacy-policy updates and to make sharing controls clearer.

Still, Venmo has so far been unwilling to make privacy adjustments to some of the features many users have issues with. Between the uproar this past summer over the app’s public-by-default settings, the enduring inability to make your “friend” list private, and my feeling like a potential victim of a HIPAA violation, I started wondering if I—or anyone else—should really be using the app. Figuring that out took far more digging than users should reasonably have to deal with.

Here’s what I learned, and what you can do to protect yourself on Venmo:

1. Venmo Transactions Are Public by Default

Because Venmo’s default privacy setting is Public—allowing all transactions to be seen by Venmo users—you should go in and change it to Friends or, better yet, Private. PHOTO: VENMO
Venmo’s social feed is populated by transactions between users. All these posts are publicly visible by default. That means unless you change your settings, anyone (researchers included) can see whom you paid.

To change that, tap the three lines in the app’s top left corner, select settings and then hit Privacy. You can choose Friends or Private, which means a transaction will be visible only to you and the person you exchanged money with. To change who can see your old posts, go to Privacy > Past Transactions.

2. Contact Syncing Isn’t Mandatory (But Appears to Be)

When signing up for a Venmo account, you have the option to skip Facebook friend syncing by tapping Not Now, but there is no similar button for phone-contact syncing. PHOTO: VENMO
When users create a Venmo account, they’re asked to sync their contacts. You can go back or forward, but there’s no Skip or Not Now button.

If iPhone users select Next, they see an iOS popup asking for contact access. You might assume you have to click Allow, but you can hit Decline and still create an account.

I don’t normally sync contacts, but when I signed up for Venmo in 2015, I enabled syncing. To check your syncing status—and switch it off—go to Settings > Friends & Social.

3. Your Friend List Is Always Visible

Venmo friend lists are visible to other users and can’t be made private. Don’t feel bad if you didn’t know this: The company didn’t mention it in its privacy policy until September.

Venmo’s definition of “friends” is very loose, as evidenced if you sync your contacts. Unlike Facebook or LinkedIn, which search your phone book and give you the option to add connections, Venmo automatically adds to your friend list any saved contacts who also sync their phone books with the app.

If you have contact syncing turned on, the app checks your phone book regularly—every 28 days for iOS, every week for Android. Venmo adds any new contacts, but won’t remove phone contacts you’ve deleted. That’s why some “friends” might look like strangers.

You can’t hide your friend list, regardless of your privacy settings. This means that you’re publishing your phone book. It won’t show everyone, but it will include anyone in your phone who also synced contacts on Venmo. That might include your boss or, well, your therapist.

Why can’t we make this private? “Because Venmo was designed for sharing experiences with your friends in today’s social world, we try to make it as easy as possible to connect with other Venmo users,” a spokeswoman said.

4. You Can Cull Your Friend List

Additional ways to make your Venmo account more private: Turn off Facebook Connect and contact syncing, change the privacy settings of past transactions, and unfriend anyone you don’t want to share information with. PHOTO: VENMO
What you can do is unfriend people—but you’ll have to find your friend list first! Clicking on your profile won’t display it to you. Instead, tap the three lines and go to Search People. Scroll past Top People to see them all. Remove people by tapping their profiles and unchecking the friend icons.

It’s important to review your friend list if you’re sharing transactions with friends, since that list may be longer than you realize. If you never synced contacts, the list could be virtually empty.

5. There’s a Difference Between Facebook Connect and Facebook Contacts

Go to Settings > Friends & Social and you’ll see Facebook Connect and Facebook Contacts.

The first creates a link between your two accounts. I suggest disabling this. Facebook recently had a security breach, and like many apps, when you agree to connect, you’re sharing information in both directions that may not be apparent. No, thanks.

The second simply adds Venmo-using Facebook friends to your account who’ve also synced. Like contacts, they’ll stay in your Venmo friend list even after you unfriend them on Facebook.

6. Bank Account Syncing Isn’t Mandatory, Either

In a fairly recent addition to its privacy policy, Venmo says, “If you connect your Venmo account to other financial accounts…we may have access to your account balance and account and transactional information, such as purchases and funds transfers.”

Given that Venmo is a payment app, it makes sense that the company would need to access some financial information to facilitate payments and confirm you have the funds to cover your transactions. Venmo’s spokeswoman told me the company doesn’t actually access users’ transaction information.

It’s a small relief. The company has privacy issues and has framed the social aspect of the app as core to its existence. Meanwhile, that FTC complaint alleged that Venmo “misrepresented the extent to which consumers’ financial accounts were protected by ‘bank-grade security systems.’” (The company said it made “appropriate changes” in response.) And lately, Venmo has been grappling with a spike in fraud.

If you’re really concerned, you could unsync your bank account. The app won’t be as functional, and you’ll have to use incoming funds to pay for things. But if Venmo is just a pizza-and-beer slush fund for you, that might be all you need.

Venmo’s hold on its users is pretty strong. So strong that I don’t feel like I can stop using it yet, because no one has ever asked me to “Square” or “Zelle” them. But I’ll be happy to jump ship if and when a more privacy-minded app comes along.

Write to Katherine Bindley at katie.bindley@wsj.com

Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows

November 12, 2018

Private blockchains, such as interbanking platforms set to share information on customers, could be compatible with new E.U. privacy rules, according to research published Nov. 6. The study was conducted by Queen Mary University of London and the University of Cambridge, U.K.

The General Data Protection Regulation (GDPR), recent legislation that regulates the storage of personal data for all individuals within the European Union, came into effect this May. Under the law, all data controllers have to respect citizens’ rights when keeping and transferring their private information. If a data controller fails to do so, the potential fines are set at €20 million (about $22 million) or four percent of global turnover/revenues, whichever is higher.

The recent U.K. study, published in the Richmond Journal of Law and Technologies, views blockchain and its nodes through the lens of GDPR. According to the researchers, crypto-related technologies could fall under these rules and be treated as “controllers,” given that they publicly store private information about E.U. citizens in the chain and allow third parties to operate it. This, the study reveals, might slow down technology implementation in the EU:

“There is a risk that this legal uncertainty will have a chilling effect on innovation, at least in the EU and potentially more broadly. For example, if all nodes and miners of a platform were to be deemed joint controllers, they would have joint and several liability, with potential penalties under the GDPR.”

However, the researchers emphasize that blockchain operators could be treated like “processors” instead, the same as the companies behind cloud technologies who act on behalf of users rather than control their data. This, the study continues, is mostly applicable for Blockchain-as-a-Service (BaaS) offerings, where a third party provides the supporting infrastructure for the network while users store their data and control it personally.

As examples of this type of blockchain platform, the researchers cite centralized platforms for land registry and private interbanking solutions that set up “a closed, permissioned blockchain platform with a small number of trusted nodes.” Such closed systems could effectively comply with GDPR rules, the report continues.

To meet the privacy law, blockchain networks might also store personal data externally or allow trusted nodes to delete the private key for encrypted information, thus leaving indecipherable data on the chain, the researchers state.

However, the GDPR rules are extremely difficult to comply with for more decentralized nets, such as those concerned with mining and cryptocurrency. In this case, the nodes, operating with the data of E.U. citizens, might agree to fork a new version of the blockchain from time to time, thus reflecting mass requests for rectification or erasure. “However, in practice, this level of coordination may be difficult to achieve among potentially thousands of nodes,” the study reads.

As a conclusion, the researchers urge the European Data Protection Board, an independent regulatory body behind GDPR, to issue clearer guidance on the application of data protection law to various common blockchain models.

As Cointelegraph wrote earlier, the GDPR could both support and harm blockchain. Despite the fact that current E.U. legislation partially has the same goals as crypto-related technologies, such as decentralizing data control, blockchain companies could also face extremely high fees as data controllers.
