Archive for the ‘Privacy’ Category

Facebook fights to “shield Zuckerberg” from punishment in US privacy probe

April 19th, 2019
Facebook CEO Mark Zuckerberg wearing a suit and being photographed by several photographers as he leaves a hotel.

Enlarge / Facebook CEO Mark Zuckerberg leaving the Merrion Hotel in Dublin after meeting with Irish politicians to discuss regulation of social media on Tuesday, April 2, 2019. (credit: Getty Images | NurPhoto )

Federal Trade Commission officials are discussing whether to hold Facebook CEO Mark Zuckerberg personally accountable for Facebook's privacy failures, according to reports by The Washington Post and NBC News. Facebook has been trying to protect Zuckerberg from that possibility in negotiations with the FTC, the Post wrote.

Federal regulators investigating Facebook are "exploring his past statements on privacy and weighing whether to seek new, heightened oversight of his leadership," the Post reported, citing anonymous sources who are familiar with the FTC discussions.

"The discussions about how to hold Zuckerberg accountable for Facebook's data lapses have come in the context of wide-ranging talks between the Federal Trade Commission and Facebook that could settle the government's more than year-old probe," the Post wrote.

Read 8 remaining paragraphs | Comments

Posted in Facebook, FTC, Mark Zuckerberg, Policy, Privacy | Comments (0)

In new gaffe, Facebook improperly collects email contacts for 1.5 million

April 18th, 2019
In new gaffe, Facebook improperly collects email contacts for 1.5 million

Enlarge (credit: Getty Images)

Facebook's privacy gaffes keep coming. On Wednesday, the social media company said it collected the stored email address lists of as many as 1.5 million users without permission. On Thursday, the company said the number of Instagram users affected by a previously reported password storage error was in the "millions," not the "tens of thousands" as previously estimated.

Facebook said the email contact collection was the result of a highly flawed verification technique that instructed some users to supply the password for the email address associated with their account if they wanted to continue using Facebook. Security experts almost unanimously criticized the practice, and Facebook dropped it as soon as it was reported.

In a statement issued to reporters, Facebook wrote:

Read 7 remaining paragraphs | Comments

Posted in Biz & IT, email, Facebook, passwords, Privacy | Comments (0)

Amazon admits that employees review “small sample” of Alexa audio

April 11th, 2019
Amazon admits that employees review “small sample” of Alexa audio

Enlarge (credit: Smith Collection/Gado/Getty Images)

Most of the time, when you talk to an Amazon Echo device, only Amazon's voice-recognition software is listening. But sometimes, Bloomberg reports, a copy of the audio is sent to a human reviewer at one of several Amazon offices around the world. The human listens to the audio clip, transcribes it, and adds annotations to help Amazon's algorithms get better.

“We take the security and privacy of our customers’ personal information seriously,” an Amazon spokesman said in a statement emailed to Bloomberg. “We only annotate an extremely small sample of Alexa voice recordings in order [to] improve the customer experience."

Bloomberg hints at a significant workforce doing this kind of work. Bloomberg says Amazon has employees listening to audio clips in offices in Boston, Costa Rica, India, and Romania. Employees interpret as many as 1,000 audio clips in a 9-hour shift.

Read 7 remaining paragraphs | Comments

Posted in alexa, amazon, apple, google, Policy, Privacy, Siri | Comments (0)

FTC investigates whether ISPs sell your browsing history and location data

March 27th, 2019
Illustration of a lock and keyhole surrounded by data bits.

Enlarge (credit: Getty Images | KrulUA)

The Federal Trade Commission is investigating the privacy practices of major Internet service providers, and it has ordered top ISPs to disclose whether they share user Web browsing histories, device location information, and other sensitive data with third parties. ISPs also have to provide details on how they collect and use personal information to target advertisements at consumers.

The FTC yesterday sent orders demanding information to AT&T, Comcast, Google Fiber, T-Mobile, and Verizon. In the cases of AT&T and Verizon, the FTC sent separate information requests for the companies' home Internet and mobile broadband divisions.

All major ISPs denied selling or sharing their users' browsing histories and other sensitive information in 2017, when they convinced Congress and President Trump to prevent implementation of broadband privacy rules. But since then, it has been reported that T-Mobile, Sprint, and AT&T were selling their mobile customers' location information to third-party data brokers despite promising not to do so.

Read 12 remaining paragraphs | Comments

Posted in AT&T, Comcast, FTC, Google Fiber, ISPs, Policy, Privacy, t-mobile, verizon | Comments (0)

Epic says its Game Store is not spying on you

March 15th, 2019
Despite what you may have read, Epic says this is not spyware.

Enlarge / Despite what you may have read, Epic says this is not spyware.

This week, certain corners of the gaming Internet have been abuzz with a bit of self-described "amateur analysis" suggesting some "pretty sketchy," spyware-like activity on the part of the Epic Game Store and its launcher software. Epic has now stepped in to defend itself from those accusations, while also admitting to an "outdated implementation" that can make unauthorized access to local Steam information.

The Reddit post "Epic Game Store, Spyware, Tracking, and You!" points to a wide-ranging set of implications based on some broad file and network access traffic observations when the Epic Game Store is running. But much of the post is focused on Epic's association with Chinese gaming giant Tencent, which owns a share of the company.

"Tencent is a significant, but minority shareholder in Epic," co-founder and CEO Tim Sweeney wrote in response to the conspiracy theory in one Reddit thread. "I'm the controlling shareholder of Epic... The decisions Epic makes are ultimately my decisions, made here in North Carolina based on my beliefs as a game developer about what the game industry needs!"

Read 6 remaining paragraphs | Comments

Posted in epic, epic games store, Gaming & Culture, Privacy, security, Steam, Valve | Comments (0)

EA opts Origin users out of “real-name sharing” after complaints

February 19th, 2019
EA opts Origin users out of “real-name sharing” after complaints

Enlarge

Electronic Arts is opting all users out of the "real name sharing" option on its Origin gaming service following complaints that some users may have been entered into the program without their consent.

The option to "show my real name on my profile" (as opposed to just sharing an online handle) is buried in the privacy settings for every EA Origin account, as it is for many other gaming networks. But Randi Lee Harper, the founder of the nonprofit Online Abuse Prevention Initiative, recently noted in a Twitter thread that her real name was being shared via the account without any opt-in.

Harper said anecdotal reports and spot checks of others with Origin accounts showed that the setting "has been seemingly randomly enabled" for a number of other Origin users. Accounts created between 2013 and 2015 seem to have more likelihood of having the option enabled by default, Harper said, but she added that she "can't find any kind of commonality in the data. It seems so random." (New accounts created today default the real name sharing to be off.)

Read 5 remaining paragraphs | Comments

Posted in access, EA, Gaming & Culture, name, Origin, Privacy | Comments (0)

Apple to developers: disclose screen recording or get booted from App Store

February 8th, 2019
The home screen on the iPhone XS.

Enlarge / The home screen on the iPhone XS. (credit: Valentina Palladino)

Apple has begun notifying developers who use screen-recording code in their apps to either properly disclose it to users or remove it entirely if they want to keep their apps in the App Store. The move comes after a TechCrunch report showed that many apps do not disclose such activity to users at all, and some sensitive user data has been compromised through screen recordings.

"Protecting user privacy is paramount in the Apple ecosystem," an Apple spokesperson told TechCrunch. "Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity."

The initial report highlighted third-party analytics code used by Air Canada, Expedia, Hotels.com, Hollister and other companies in their mobile apps that allows them to record the screens of users while they navigate the app. These "session replays" are designed to help developers work out kinks, make informed UI decisions, and better inform them on how users are interacting with their apps in general.

Read 6 remaining paragraphs | Comments

Posted in App Store, app store review guidelines, apple, glassbox, Privacy, screen recording, Tech | Comments (0)

Cisco, like Apple and other tech giants, now wants new federal privacy law

February 7th, 2019
Cisco, like Apple and other tech giants, now wants new federal privacy law

Enlarge (credit: Igor Golovniov/SOPA Images/LightRocket via Getty Images)

On Thursday, Cisco formally joined the parade of major tech companies that have been calling for a comprehensive federal privacy law that would once and for all set a clear standard for tech companies nationwide.

Currently in the United States, there is a patchwork of laws governing how various types of data are handled—health, financial, etc.—but there isn’t a clear set of rules for Silicon Valley giants that traffic in vast amounts of information sharing. As a hardware networking giant, however, Cisco does not profit from user data in the same way that a company like Google or Facebook does.

In a blog post, Cisco’s top lawyer, Mark Chandler, called the current legal framework "not adequate." Cisco hasn’t put forward specific bill language just yet; it is speaking for now in generalities.

Read 10 remaining paragraphs | Comments

Posted in ashkan soltani, Cisco, Policy, Privacy | Comments (0)

How to Delete Accidentally Sent Messages, Photos on Facebook Messenger

February 6th, 2019
Ever sent a message on Facebook Messenger then immediately regretted it, or an embarrassing text to your boss in the heat of the moment at late night, or maybe accidentally sent messages or photos to a wrong group chat? Of course, you have. We have all been through drunk texts and embarrassing photos many times that we later regret sending but are forced to live with our mistakes. Good news,

Posted in Delete Sent Messages, Facebook, Facebook Messages, Facebook Messenger, Privacy, Unsend Messages | Comments (0)

Apple revokes Facebook’s developer certificate over data-snooping app—Google could be next

January 30th, 2019
Google and Facebook circumvented the App Store to distribute VPN apps that collected user data against Apple's policies.

Enlarge / Google and Facebook circumvented the App Store to distribute VPN apps that collected user data against Apple's policies. (credit: Aurich / Getty)

Both Facebook and Google have used Apple's Enterprise Developer Program—which is intended for exclusive use by companies to give system administrators the ability to distribute apps to employees' devices internally—to circumvent Apple's app store and distribute to users applications that closely monitor users' app, messaging, and network activity.

News of Facebook's application was published on TechCrunch yesterday, leading Apple to revoke Facebook's enterprise certificate. This same certificate had been used internally by Facebook for distributing beta builds of Facebook's apps and for other needs, so the revocation poses a serious challenge for the company.

News of Google's similar program also broke on TechCrunch, but that happened more recently, and Apple has not yet indicated whether it intends to take similar action with Google. We'll start by unpacking the Facebook side.

Read 18 remaining paragraphs | Comments

Posted in apple, Enterprise Certificates, Enterprise Developer Program, Facebook, Facebook Research, google, onavo, Policy, Privacy, Tech, user data | Comments (0)