privacy

Link

Meet the Professor Behind Netflix's 'The Great Hack'

Andrew Orr ·

David Carroll sued Cambridge Analytica after news broke that it used Facebook user data for targeted political advertising. Netflix’s The Great Hack tells his story, and Business Insider interviewed him.

My pursuit is a highly individualized narrative, which obscures the reality that it’s a story about all of us. Quitting your Facebook account doesn’t do anything. You can try to do the work of going through all your settings and being really hygienic about your data, but it’s only going to reduce the scope of data leaking all over the place. It’s certainly not going to have a total effect that people might want.

I’m putting this on my list to watch.

Link

Some Companies Don't Like iOS 13 Location Privacy Feature

Andrew Orr ·

App developers wrote a letter to Apple saying how much they don’t like iOS 13 location privacy rules, accusing the company of anti-competitive behavior.

We understand that there were certain developers, specifically messaging apps, that were using this as a backdoor to collect user data. While we agree loopholes like this should be closed, the current Apple plan to remove [access to the internet voice feature] will have unintended consequences: it will effectively shut down apps that have a valid need for real-time location.

The letter was signed by Tile CEO CJ Prober; Arity (Allstate) president Gary Hallgren; CEO of Life360, Chris Hullsan; CEO of dating app Happn, Didier Rappaport; CEO of Zenly (Snap), Antoine Martin; CEO of Zendrive, Jonathan Matus; and chief strategy officer of social networking app Twenty, Jared Allgood.

A helpful list of all the apps I’ll never download. I hope Apple does more when it comes to privacy.

Link

iOS 13 Has an Important Bluetooth Privacy Feature

Andrew Orr ·

Jared Newman writes about the iOS 13 Bluetooth privacy feature. When an app needs to access Bluetooth, iOS displays an alert so you can allow or deny the request. Bluetooth can be used to track you, which is why Apple added the feature. I’ve seen these alerts a couple of times running the iOS 13 public beta. I disagree with Mr. Newman though; I don’t think it’s too confusing. Just think about the app and whether it legitimately needs Bluetooth. For example, if you need to connect a device to your iPhone, you’ll need Bluetooth. But apps like Google Maps and YouTube don’t need Bluetooth (and I’ve seen alerts and denied them both).

Prior to iOS 13, apps could use Bluetooth to collect detailed location data from users without explicit permission, using tracking beacons in retail stores and other public locations. Even if users had denied an app access their location data, Bluetooth could have provided a workaround.

Link

LinkedIn Violates Library Privacy With LinkedIn Learning

Andrew Orr ·

Many states have laws in place to protect the privacy of libraries. But LinkedIn is violating this with LinkedIn Learning, formerly known as Lynda.com.

Currently, when Lynda.com is accessed through a library, a user logs in with her or his library card and a PIN. No other personal information is required.

Under the new LinkedIn Learning policy, library users would be required to create a personal, publicly searchable, profile and agree to LinkedIn’s user agreement and privacy policy before being able to use LinkedIn Learning.

Checking off the user agreement grants LinkedIn the power to share the information contained in a personal profile with whoever LinkedIn wants.

Libraries are a bastion against corporations, where you can get free resources and just hang out without having to buy anything. I hope this gets resolved in the library’s favor.

Link

Meet the Never-Googlers Who Shun the Mountain View Company

Andrew Orr ·

The Never-Googlers are people who avoid using Google services and try to convince family and friends to give them up as well.

These intrepid Web users say they’d rather deal with daily inconveniences than give up more of their data. That means setting up permanent vacation responders on Gmail and telling friends to resend files or video links that don’t require Google software. More than that, it takes a lot of discipline.

Wouldn’t you know it, I wrote a list of Google alternatives.

Link

Facebook Plans Don't Include End-to-End Encryption

Andrew Orr ·

Unsurprisingly, Facebook’s messaging apps won’t have true end-to-end encryption, with messages scanned before being encrypted.

In Facebook’s vision, the actual end-to-end encryption client itself such as WhatsApp will include embedded content moderation and blacklist filtering algorithms. These algorithms will be continually updated from a central cloud service, but will run locally on the user’s device, scanning each cleartext message before it is sent and each encrypted message after it is decrypted.

The company even noted that when it detects violations it will need to quietly stream a copy of the formerly encrypted content back to its central servers to analyze further, even if the user objects, acting as true wiretapping service.

Unlike Forbes‘ clickbait headline, the “encryption debate” certainly isn’t over or dead. Now it’s about trying to convince the government that encryption backdoors don’t work. There are also plenty of Facebook alternatives.

Link

Lockdown is a New Open Source iOS Firewall

Andrew Orr ·

Lockdown is a new, open source firewall for iOS that lets you block apps from cryptomining, sharing data with Facebook or Google, and more.

The app operates solely on device and the code has been shared on GitHub today. Lockdown’s release comes at a time when concerns are growing about how iOS apps share data with third-parties.

It’s a cool concept and I downloaded it. Unfortunately, you can’t use it in conjunction with real VPNs, at least for now.

Link

Your Facial Data is Worth a $5 Gift Card to Google

Andrew Orr ·

Google employees are stopping people in public and offering them a US$5 gift card in exchange for their facial data. The company is thought to be working on a Face ID authentication system for the Pixel 4.

“I assume they’ll use the data to train a neural network to be able to recognize what a face is,” he replied. “Then you train your own phone on what your specific face looks like. And that’s what gets used to unlock your phone, Face ID-style, but more accurately.”

Add three zeroes to that Google, and then I’ll discuss it.

News

William Barr Wants You to Accept Encryption Backdoor Security Risks

Andrew Orr ·

U.S. Attorney General William Barr suggested that Americans should just accept encryption backdoor security risks (via TechCrunch). Encryption Backdoor Risks In a speech today, William Barr called on tech companies to help the federal government to access devices with a lawful order. In other words, ignore the security risks and put a backdoor into their…

Link

Chuck Schumer Calls For Investigation into FaceApp

Andrew Orr ·

U.S. Senate minority leader Chuck Schumer called on the FBI and the Federal Trade Commission to investigate FaceApp over privacy and national security concerns.

The viral smartphone application, which has seen a new surge of popularity due to a filter that ages photos of users’ faces, requires “full and irrevocable access to their personal photos and data,” which could pose “national security and privacy risks for millions of U.S. citizens,” Schumer said in his letter to FBI Director Christopher Wray and FTC Chairman Joe Simons.

A misconception around the app is that is transmits all of your photos. It doesn’t; it only uses photos that you willingly upload.

Link

PSA: FaceApp Owns Photos You Create With App

Andrew Orr ·

According to its terms of service, popular app FaceApp owns the rights to all photos you create with it.

Essentially, if you make something in FaceApp, FaceApp can do whatever it wants with what you’ve made. Not only can it repost your images without your permission, it can monetize the images, either directly or indirectly, without compensating you or notifying you that it has done so in any way.

Unfortunately, this sort of thing isn’t new. Facebook has similar terms, and so does Google.

Link

DuckDuckGo Apple Maps Updated for Enhanced Search

Andrew Orr ·

The DuckDuckGo Apple Maps integration has been updated for enhanced search, like maps re-querying, local autocomplete, and more.

With Apple, as with all other third parties we work with, we do not share any personally identifiable information such as IP address. And for local searches in particular, where your approximate location information is sent by your browser to us, we discard it immediately after use. This is in line with our strict privacy policy. You can read more about our anonymous localized results here.

I was happy to see the integration and look forward to these updates. Apple is a good partnership for DuckDuckGo.