Facebook VP Nick Clegg Makes a Compelling Pro-Apple Argument

· · Link

Facebook VP Nick Clegg makes the same argument as Sundar Pichai when it comes to Apple. Although he thinks he’s making an argument against Apple, he’s really arguing for Apple.

Facebook is free — it’s for everyone. Some other big tech companies make their money by selling expensive hardware or subscription services, or in some cases both, to consumers in developed, wealthier economies. They are an exclusive club, available only to aspirant consumers with the means to buy high-value hardware and services.

Facebook is free only because they sell advertising using customer data. Apple makes money from hardware and subscriptions. It’s precisely because of companies like Facebook and Google that privacy is seen as a luxury.

YouTube Under Federal Investigation Over Children’s Privacy

· · Link

The U.S. government is investigating YouTube for allegedly violating children’s privacy.

The complaints contended that YouTube, which is owned by Google, failed to protect kids who used the streaming-video service and improperly collected their data in violation of the Children’s Online Privacy Protection Act, a 1998 law known as COPPA that forbids the tracking and targeting of users younger than age 13.

Openly Operated Wants to Improve Privacy Policies

· · Link

Openly Operated is a certification for apps and services. The certification process ensures that they live up to their privacy and security claims with an audit.

An OO-certified app or site must meet three criteria. First, it needs to demonstrate “a basic level of transparency” by making its code and infrastructure — among other things — public and fully documented. Second, it needs to lay out its policy in the form of “claims with proof,” establishing what user data is collected, who can access it, and how it’s being protected. Third, those claims must be evaluated by an OO-certified auditor who then makes the audit results public.

I’ve complained about privacy policies before, and this sounds like a great idea. I hope it gets traction.

Bluetooth Beacons Can Track You Inside Stores

· · Link

Bluetooth beacons are small devices that some stores hide throughout the building. Apps on your phone can pick up the signals they emit and send information back.

In order to track you or trigger an action like a coupon or message to your phone, companies need you to install an app on your phone that will recognize the beacon in the store. Retailers (like Target and Walmart) that use Bluetooth beacons typically build tracking into their own apps. But retailers want to make sure most of their customers can be tracked — not just the ones that download their own particular app.

I bet iOS 13’s new Bluetooth controls will affect this.

How Surveillance Affects the Legal System: A Judge’s View

· · Link

We often read about surveillance from the perspective of us, the users, or technology companies. Here is a judge’s view on it.

Congress is way behind in determining how far the police can go in using technology to invade people’s privacy, and many of the legal disputes arising from this collision have not reached the Supreme Court. For the public, as a practical matter, the rules of the road are being decided by prosecutors. Your privacy is not their highest priority.

I think that’s ultimately the heart of the matter: We have a technologically-inept government.

Most Privacy Policies Exceed Reading Standards With Low Readability

· · Link

Journalists at The New York Times read 150 privacy policies, finding most of them to be incomprehensible with low readability scores.

To be successful in college, people need to understand texts with a score of 1300. People in the professions, like doctors and lawyers, should be able to understand materials with scores of 1440, while ninth graders should understand texts that score above 1050 to be on track for college or a career by the time they graduate. Many privacy policies exceed these standards.

I wish there was a standard for privacy policies so companies can’t hide their sins behind jargon. In the mean time, I use this website.

Governments Are Terrible at Securing Data

· · Link

It absolutely infuriates me when agencies like the FBI, and governments like Australia, the U.S., Germany, and more want us to break encryption or circumvent it with a back door. As Mathew Gault writes, they are completely inept at securing data. Even the NSA, which likes to think it’s the “world leader in cryptology” got hacked.

Regular phone and internet users remain vulnerable, forced to take individual protective measures, like a poor wage-worker without health insurance who’s told to secure her nest egg by cutting out morning lattes.

News+: Bad Behavior in the VPN Industry

· · Link

Max Eddy reviews VPNs for PCMag. Although he believes most vendors have good intentions, he highlights several examples of bad behavior in the VPN industry.

From my experience working with VPNs, I can say with certainty there is a culture of sabotage and paranoia among some vendors. Anonymous dumps of damning information about one VPN vendor get blamed on another VPN vendor. Tips come in suggesting that corporate ownership is tied to the Russian mafia or some other criminal operation. Commentators hold up one VPN review site as an example of rectitude; others say the same site is secretly run by a VPN vendor with an agenda. When there is this much disinformation and counter-disinformation (which may also be disinformation), it’s impossible to tell who is telling the truth.

Before I came to The Mac Observer, one of my freelancing gigs was writing for a VPN company. I saw some of the same things as Mr. Eddy. In both privacy and security circles, there is a tint of paranoia and conspiracy thinking, at least with some people.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

Microsoft Does Something Unexpected About Privacy

· · Link

Facial recognition

According to engadget, “Microsoft discreetly wiped its massive facial recognition database.”

Microsoft has been vocal about its desire to properly regulate facial recognition technology. The company’s president, Brad Smith, appealed directly to Congress last year to take steps to manage the tech, which he says has “broad societal ramifications and potential for abuse.” Such are the company’s concerns that it even blocked the sales of the tech to California police forces. Now, Microsoft is continuing its crusade by quietly deleting its MS Celeb database, which contains more than 10 million images of some 100,000 people.

These days, it seems everything in tech privacy matters gets continuously worse. Deleting big data sets is hard to do. Good work, Microsoft.

Maine is Close to Stopping ISP Pay For Privacy Schemes

· · Link

The Act to Protect the Privacy of Online Customer Information has been approved by Maine’s state House of Representatives and Senate. Now it only needs the governor’s signature. It would put a stop to ISP pay-for-privacy schemes by limited access to data.

If signed, the bill would provide some of the strongest data privacy protections in the United States, putting a latch on emails, online chats, browser history, IP addresses, and geolocation data collected and stored by ISPs like Verizon, Comcast, and Spectrum. The bill goes further: Unlike a data privacy proposal in the US and a new data privacy law in California, the Maine bill explicitly shuts down any pay-for-privacy schemes.

The Clever Cryptography Behind iOS 13 ‘Find My’

· · Link

iOS 13 ‘Find My’ combines Find My Friends and Find My iPhone. Apple says it uses Bluetooth signals from Apple devices even if they’re offline. And the encryption scheme it uses means that third party attackers can’t track Apple devices, and Apple can’t track them either.

In a background phone call with WIRED following that keynote, Apple broke down that privacy element, explaining how its “encrypted and anonymous” system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device. The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations.

News+: The App Store Enables Spying, Tracking, and Analytics

· · Link

In the latest issue of Fast Company magazine, Mark Wilson writes about the business of spying, advertising, and analytics that the App Store enables.

[Apple] designed a dead-simple interface that, to this day, allows users to sign away contacts, location data, and camera and microphone access with a single tap as they install an app. Apple also created efficient APIs—the software connecting its hardware to outside apps—to provide third-party developers access to sensitive user information. Meanwhile, iPhone apps are not required to encrypt their transmissions. “Apple was well known for usability before it was known for privacy,” says Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.