Archive for the ‘Privacy’ Category

Study shows which messengers leak your data, drain your battery, and more

October 26th, 2020
Stock photo of man using smartphone.

Enlarge (credit: Getty Images)

Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked.

Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews.

When a sender includes a link in a message, the app will display the conversation along with text (usually a headline) and images that accompany the link. It usually looks something like this:

Read 9 remaining paragraphs | Comments

Posted in Biz & IT, Facebook, Instagram, instant message, Messenger, Policy, Privacy, security | Comments (0)

Now you can enforce your privacy rights with a single browser tick

October 8th, 2020
Now you can enforce your privacy rights with a single browser tick

Enlarge (credit: Global Privacy Control)

Anyone who remembers Do Not Track—the initiative that was supposed to allow browser users to reclaim their privacy on the Web—knows it was a failure. Not only did websites ignore it, using it arguably made people less private because it made them stick out. Now, privacy advocates are back with a new specification, and this time they’ve brought the lawyers.

Under the hood, the specification, known as Global Privacy Control, works pretty much the same way Do Not Track did. A small HTTP header informs sites that a visitor doesn’t want their data sold. The big difference this time is the enactment of the Consumer Privacy Act in California and, possibly, the General Data Protection Regulation in Europe, both of which give consumers broad rights over how their private information can be used.

At the moment, California residents who don’t want websites to sell their data must register their choice with each site, often each time they visit it. That’s annoying and time-consuming. But the California law specifically contemplates “user-enabled global privacy controls, such as a browser plug-in or privacy setting,” that signal the choice. That’s what the Global Privacy Control—or GPG—does.

Read 7 remaining paragraphs | Comments

Posted in Biz & IT, browsers, do not track, global privacy control, Policy, Privacy, Tech | Comments (0)

Privacy-Preserving Smart Input with Gboard

October 7th, 2020

Google Keyboard (a.k.a Gboard) has a critical mission to provide frictionless input on Android to empower users to communicate accurately and express themselves effortlessly. In order to accomplish this mission, Gboard must also protect users' private and sensitive data. Nothing users type is sent to Google servers. We recently launched privacy-preserving input by further advancing the latest federated technologies. In Android 11, Gboard also launched the contextual input suggestion experience by integrating on-device smarts into the user's daily communication in a privacy-preserving way.

Before Android 11, input suggestions were surfaced to users in several different places. In Android 11, Gboard launched a consistent and coordinated approach to access contextual input suggestions. For the first time, we've brought Smart Replies to the keyboard suggestions - powered by system intelligence running entirely on device. The smart input suggestions are rendered with a transparent layer on top of Gboard’s suggestion strip. This structure maintains the trust boundaries between the Android platform and Gboard, meaning sensitive personal content cannot be not accessed by Gboard. The suggestions are only sent to the app after the user taps to accept them.

For instance, when a user receives the message “Have a virtual coffee at 5pm?” in Whatsapp, on-device system intelligence predicts smart text and emoji replies “Sounds great!” and “👍”. Android system intelligence can see the incoming message but Gboard cannot. In Android 11, these Smart Replies are rendered by the Android platform on Gboard’s suggestion strip as a transparent layer. The suggested reply is generated by the system intelligence. When the user taps the suggestion, Android platform sends it to the input field directly. If the user doesn't tap the suggestion, gBoard and the app cannot see it. In this way, Android and Gboard surface the best of Google smarts whilst keeping users' data private: none of their data goes to any app, including the keyboard, unless they've tapped a suggestion.

Additionally, federated learning has enabled Gboard to train intelligent input models across many devices while keeping everything individual users type on their device. Today, the emoji is as common as punctuation - and have become the way for our users to express themselves in messaging. Our users want a way to have fresh and diversified emojis to better express their thoughts in messaging apps. Recently, we launched new on-device transformer models that are fine-tuned with federated learning in Gboard, to produce more contextual emoji predictions for English, Spanish and Portuguese.

Furthermore, following the success of privacy-preserving machine learning techniques, Gboard continues to leverage federated analytics to understand how Gboard is used from decentralized data. What we've learned from privacy-preserving analysis has let us make better decisions in our product.

When a user shares an emoji in a conversation, their phone keeps an ongoing count of which emojis are used. Later, when the phone is idle, plugged in, and connected to WiFi, Google’s federated analytics server invites the device to join a “round” of federated analytics data computation with hundreds of other participating phones. Every device involved in one round will compute the emoji share frequency, encrypt the result and send it a federated analytics server. Although the server can’t decrypt the data individually, the final tally of total emoji counts can be decrypted when combining encrypted data across devices. The aggregated data shows that the most popular emoji is 😂 in Whatsapp, 😭 in Roblox(gaming), and ✔ in Google Docs. Emoji 😷 moved up from 119th to 42nd in terms of frequency during COVID-19.

Gboard always has a strong commitment to Google’s Privacy Principles. Gboard strives to build privacy-preserving effortless input products for users to freely express their thoughts in 900+ languages while safeguarding user data. We will keep pushing the state of the art in smart input technologies on Android while safeguarding user data. Stay tuned!

Posted in Android, federated learning, gboard, Privacy | Comments (0)

The fight over the fight for California’s privacy future

September 23rd, 2020
The fight over the fight for California’s privacy future

Enlarge (credit: Aurich Lawson / Getty Images)

When state Senator Bob Hertzberg learned that an ambitious privacy initiative had gotten enough signatures to qualify for the ballot in California, he knew he had to act quickly.

“My objective,” he says, “was to get the damn thing off the ballot.”

It was the spring of 2018. Facebook’s emerging Cambridge Analytica scandal had cast a harsh light on the tech giants’ data-gathering practices, spurring calls for more consumer privacy protections. The initiative was the brainchild of Alastair Mactaggart, a wealthy San Francisco real estate developer, who had the idea in the shower in 2015 and funded the effort out of pocket. Mactaggart enlisted his neighbor Rick Arney and Mary Stone Ross, a former CIA analyst and lawyer, to help craft the ballot measure. None had any background in data privacy or, for that matter, anything related to the tech industry.

Read 38 remaining paragraphs | Comments

Posted in California, CCPA, Policy, Privacy, Proposition 24 | Comments (0)

Companies can track your phone’s movements to target ads

September 20th, 2020
Companies can track your phone’s movements to target ads

Enlarge (credit: Qilai Shen | Bloomberg | Getty Images)

Google and Apple have taken steps this year they say will help users shield themselves from hundreds of companies that compile profiles based on online behavior. Meanwhile, other companies are devising new ways to probe more deeply into other aspects of our lives.

In January, Google said it would phase out third-party cookies on its Chrome browser, making it harder for advertisers to track our browsing habits. Publishers and advertisers use cookies to compile our shopping, browsing, and search data into extensive user profiles. These profiles reflect our political interests, health, shopping behavior, race, gender, and more. Tellingly, Google will still collect data from its own search engine, plus sites like YouTube or Gmail.

Apple, meanwhile, says it will require apps in a forthcoming version of iOS to ask users before tracking them across services, though it delayed the effective date until next year after complaints from Facebook. A poll from June showed as many as 80 percent of respondents would not opt in to such tracking.

Read 14 remaining paragraphs | Comments

Posted in Advertising, Biz & IT, Privacy, smartphones, Tech | Comments (0)

A bevy of new features makes iOS 14 the most secure mobile OS ever

September 18th, 2020
Multiple smartphones on table.

Enlarge / From left to right: iPhone 11, iPhone 11 Pro, iPhone 11 Pro Max. (credit: Samuel Axon)

Eleven months ago, Apple CEO Tim Cook declared privacy a “fundamental human right.” The affirmation came as the iPhones his customers carry in their pockets store ever more sensitive information and the company seeks to make privacy a key differentiator as it competes with Google and other rivals.

On Wednesday, the company sought to make good on its commitment with the release of iOS 14. It introduces a bevy of privacy features designed to give iPhone users more control over their personal information. The protections are intended to rein in app developers, online providers, and advertisers who all too often push the limits of acceptable data collection, assuming they don’t fully step over the line.

I spent a little more than an hour testing some of the features. Here’s a brief description of each, how to use them, and some first-blush impressions of how some work.

Read 22 remaining paragraphs | Comments

Posted in Biz & IT, iOS, iphone, Policy, Privacy | Comments (0)

YouTube unlawfully violates kids’ privacy, new $3.2B lawsuit claims

September 14th, 2020
A sign featuring the YouTube logo, outside the YouTube Space studios in London on June 4, 2019.

Enlarge / A sign featuring the YouTube logo, outside the YouTube Space studios in London on June 4, 2019. (credit: Olly Curtis | Future | Getty Images)

A new lawsuit filed in a United Kingdom court alleges that YouTube knowingly violated children's privacy laws in that country and seeks damages in excess of £2.5 billion (about $3.2 billion).

A tech researcher named Duncan McCann filed the lawsuit in the UK's High Court and is serving as representative claimant in the case—a similar, though not identical, process to a US class-action suit. Foxglove, a UK tech advocacy group, is backing the claim, it said today.

"YouTube, and its parent company Google, are ignoring laws designed to protect children," Foxglove wrote in a press release. "They know full well that millions of children watch YouTube. They’re making money from unlawfully harvesting data about these young children as they watch YouTube videos—and then running highly targeted adverts, designed to influence vulnerable young minds."

Read 10 remaining paragraphs | Comments

Posted in Alphabet, children, children's online privacy, children's privacy, foxglove, google, lawsuits, Policy, Privacy, uk, YouTube | Comments (0)

Portland adopts strictest facial recognition ban in nation to date

September 10th, 2020
A helpful neon sign in Portland, Ore.

Enlarge / A helpful neon sign in Portland, Ore. (credit: Seth K. Hughes | Getty Images)

City leaders in Portland, Oregon, yesterday adopted the most sweeping ban on facial recognition technology passed anywhere in the United States so far.

The Portland City Council voted on two ordinances related to facial recognition: one prohibiting use by public entities, including the police, and the other limiting its use by private entities. Both measures passed unanimously, according to local NPR and PBS affiliate Oregon Public Broadcasting.

The first ordinance (PDF) bans the "acquisition and use" of facial recognition technologies by any bureau of the city of Portland. The second (PDF) prohibits private entities from using facial recognition technologies "in places of public accommodation" in the city.

Read 8 remaining paragraphs | Comments

Posted in face recognition, facial recognition, laws, Oregon, Policy, portland, Privacy, Racism, surveillance | Comments (0)

Facebook complains, Apple responds: iOS 14’s big privacy change gets postponed

September 3rd, 2020
The iPhone 8, the iPhone XS, the iPhone XR, and the iPhone XS Max.

Enlarge / From left to right: the iPhone 8, the iPhone XS, the iPhone XR, and the iPhone XS Max. (credit: Samuel Axon)

Apple has postponed full enforcement of a feature of its upcoming iOS 14 software for iPhones that would require app developers to request users' permission to track them across apps for advertising purposes. This announcement comes in the wake of a public complaint from Facebook that the privacy policy could negatively impact the ad market in Apple's ecosystem.

The feature, announced at Apple's annual developer conference in June, would require app developers to notify a user of an app's intent to track the user's IDFA (ID for Advertisers). IDFA is used to track the user's behavior across multiple apps and deliver targeted ads based on that behavior. The change would also require the user to opt in to that tracking.

Apple now says that, while developers will be able to implement this notification and request for permission, doing so will no longer be mandatory when iOS 14 launches sometime in the next couple of months. However, Apple was careful to clarify that it still intends to establish the requirement in the future, and that this is only a delay "to give developers time to make necessary changes."

Read 6 remaining paragraphs | Comments

Posted in Advertising, apple, Facebook, iOS, Privacy, Tech | Comments (0)

Facebook halts Oculus Quest sales in Germany amid privacy concerns

September 3rd, 2020
Facebook halts Oculus Quest sales in Germany amid privacy concerns

Enlarge (credit: Aurich Lawson / Facebook)

Facebook subsidiary Oculus says it has "temporarily paused" sales of Oculus Quest headsets to customers in Germany. Reports suggest the move is in response to concerns from German regulators about the recently announced requirement that all Oculus users will need to use a Facebook account by 2023 to log in to the device.

"We have temporarily paused selling Oculus devices to consumers in Germany," Facebook writes in a brief message on the Oculus support site. "We will continue supporting users who already own an Oculus device and we're looking forward to resuming sales in Germany soon."

Facebook declined an opportunity to provide additional comment to Ars Technica. But in a statement to German News site Heise Online (machine translation), the company said the move was due to "outstanding talks with German supervisory authorities... We were not obliged to take this measure, but proactively interrupted the sale."

Read 7 remaining paragraphs | Comments

Posted in Facebook, Gaming & Culture, GDPR, Germany, oculus, Privacy, quest | Comments (0)