privacy

Link

Apple Wants to Kill Tracking, Not Advertising

Andrew Orr ·

Owen Williams writes how Apple wants to “kill advertising” with its newest privacy feature in iOS 13 called Sign In with Apple.

Apple is likely to win consumers over, who think these things sound evil and strange, but without these practices [of using customers’ email addresses] many of our favorite businesses and services simply couldn’t exist or practically reach customers.

I disagree. Apple is trying to kill tracking, not advertising. In Safari, Apple is adding a feature called Privacy Preserving Ad Click Attribution to reduce targeted ads, which only accounts for a small 4% in revenue anyway.

Link

News+: Bad Behavior in the VPN Industry

Andrew Orr ·

Max Eddy reviews VPNs for PCMag. Although he believes most vendors have good intentions, he highlights several examples of bad behavior in the VPN industry.

From my experience working with VPNs, I can say with certainty there is a culture of sabotage and paranoia among some vendors. Anonymous dumps of damning information about one VPN vendor get blamed on another VPN vendor. Tips come in suggesting that corporate ownership is tied to the Russian mafia or some other criminal operation. Commentators hold up one VPN review site as an example of rectitude; others say the same site is secretly run by a VPN vendor with an agenda. When there is this much disinformation and counter-disinformation (which may also be disinformation), it’s impossible to tell who is telling the truth.

Before I came to The Mac Observer, one of my freelancing gigs was writing for a VPN company. I saw some of the same things as Mr. Eddy. In both privacy and security circles, there is a tint of paranoia and conspiracy thinking, at least with some people.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

Link

Microsoft Does Something Unexpected About Privacy

John Martellaro ·

According to engadget, “Microsoft discreetly wiped its massive facial recognition database.”

Microsoft has been vocal about its desire to properly regulate facial recognition technology. The company’s president, Brad Smith, appealed directly to Congress last year to take steps to manage the tech, which he says has “broad societal ramifications and potential for abuse.” Such are the company’s concerns that it even blocked the sales of the tech to California police forces. Now, Microsoft is continuing its crusade by quietly deleting its MS Celeb database, which contains more than 10 million images of some 100,000 people.

These days, it seems everything in tech privacy matters gets continuously worse. Deleting big data sets is hard to do. Good work, Microsoft.

Link

Maine is Close to Stopping ISP Pay For Privacy Schemes

Andrew Orr ·

The Act to Protect the Privacy of Online Customer Information has been approved by Maine’s state House of Representatives and Senate. Now it only needs the governor’s signature. It would put a stop to ISP pay-for-privacy schemes by limited access to data.

If signed, the bill would provide some of the strongest data privacy protections in the United States, putting a latch on emails, online chats, browser history, IP addresses, and geolocation data collected and stored by ISPs like Verizon, Comcast, and Spectrum. The bill goes further: Unlike a data privacy proposal in the US and a new data privacy law in California, the Maine bill explicitly shuts down any pay-for-privacy schemes.

Link

The Clever Cryptography Behind iOS 13 ‘Find My’

Andrew Orr ·

iOS 13 ‘Find My’ combines Find My Friends and Find My iPhone. Apple says it uses Bluetooth signals from Apple devices even if they’re offline. And the encryption scheme it uses means that third party attackers can’t track Apple devices, and Apple can’t track them either.

In a background phone call with WIRED following that keynote, Apple broke down that privacy element, explaining how its “encrypted and anonymous” system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device. The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations.

Link

News+: The App Store Enables Spying, Tracking, and Analytics

Andrew Orr ·

In the latest issue of Fast Company magazine, Mark Wilson writes about the business of spying, advertising, and analytics that the App Store enables.

[Apple] designed a dead-simple interface that, to this day, allows users to sign away contacts, location data, and camera and microphone access with a single tap as they install an app. Apple also created efficient APIs—the software connecting its hardware to outside apps—to provide third-party developers access to sensitive user information. Meanwhile, iPhone apps are not required to encrypt their transmissions. “Apple was well known for usability before it was known for privacy,” says Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society.

This is part of Andrew’s News+ series, where he shares a magazine every Friday to help people discover good content in Apple News+.

Link

Colorado Students Secretly Photographed for Military Research

Andrew Orr ·

From 2012 to 2013, students at the University of Colorado’s Colorado Springs campus were secretly photographed as part of a research project. The U.S. Navy wanted to improve its facial recognition algorithms.

To conduct the study, [professor] Boult set up a long-range surveillance camera in an office window about 150 meters away from the West Lawn of the Colorado Springs campus, a public area where passers-by would not have a reasonable expectation of privacy. The camera surreptitiously photographed people walking in the area of the West Lawn on certain days during the spring semesters of 2012 and 2013.

Link

Inside Apple’s Secure Enclave Stress Testing Efforts

Andrew Orr ·

The Independent recently published an interview with Craig Federighi, talking about privacy and Apple chips.

Those chips are here to see whether they can withstand whatever assault anyone might try on them when they make their way out into the world. If they succeed here, then they should succeed anywhere; that’s important, because if they fail out in the world then so would Apple. These chips are the great line of defence in a battle that Apple never stops fighting as it tries to keep users’ data private.

I don’t think the article was written well, but to me the most interesting part was Secure Enclave stress testing, which involves temperature. I assume Apple is trying to prevent hacks like this.

Vignette App Lets You Update Your Contact Photos Privately
Cool Stuff Found

Vignette App Lets You Update Your Contact Photos Privately

Andrew Orr ·

Vignette app allows you to change all those ugly grey circles with initials into actual photographs. By searching Twitter, Facebook, Instagram, and Gravatar—no login required—Vignette will attempt to pair your contacts with their profile pictures on social media. After amassing all these images, using Vignette’s easy to use interface, you can select which avatar you’d like to use, or none at all. Once you’re all set, Vignette will write those updates to your contacts database on your phone. That means in Messages, Phone, and all of your other apps, you see beautiful images instead of ugly initials. Vignette is free to try, but in order to save the updates to your contact list, you will need to buy the one-time in-app purchase. Vignette app runs entirely on your phone; your contacts stay on your device and are never transmitted *anywhere*. Privacy is a critical factor to Vignette; your trust is important and will not be squandered. App Store: Free (Offers In-App Purchases)

Link

Facebook Facial Recognition Opt-Out Not Universal

Andrew Orr ·

Consumer Reports found that Facebook facial recognition doesn’t seem to be a universal setting, despite Facebook promising otherwise.

Consumer Reports examined the accounts of 31 Facebook users across the U.S. The participants let us record video as they navigated their Facebook settings under our direction. We found the Face Recognition setting missing from eight of the accounts we documented, or just over 25 percent.

I could be a smart a** and recommend deleting your Facebook account as a way to opt out, but that wouldn’t help the people still on Facebook.

Link

American Law Institute Votes on Rollback of Consumer Privacy

Andrew Orr ·

The American Law Institute (ALI) will vote tomorrow on a proposal that would make it easier for companies to bind you to contracts, even without visiting the website.

If you’re like most people, you’ve probably clicked “I agree” on many online contracts without ever reading them. Soon you may be deemed to have agreed to a company’s terms without even knowing it. A vote is occurring Tuesday that would make it easier for online businesses to dispense with that click and allow websites that you merely browse — anything from Amazon and AT&T to Yahoo and Zillow — to bind you to contract terms without your agreement or awareness.

Link

Privacy is a Luxury Item? Think Again

John Martellaro ·

Google CEO Sundar Pichai says privacy shouldn’t be a luxury item.  Responding at Computerworld, Jonny Evans writes:

The crux of Google CEO Sundar Pichai’s argument against firms such as (obviously including but never named) Apple is that his company offers convenience in exchange for personal secrets, makes its services available for free, and has a “profound commitment” to protecting user privacy.

Author Evans lays bare the reality of how Google operates and the shallowness of Pichai’s whines.