Software designer Jonas Strehle discovered that browser favicons can be used to give you a unique ID that can be used to track you across the web. It works even if you use privacy tools like a VPN, incognito browsing, deleting cookies/browser cache, and others.
To be clear, this is a proof-of-concept and not something that Strehle has found out in the wild. Strehle’s supercookie program (which uses a Cookie Monster favicon) is a proof of the concept described by the university researchers.
Europe antitrust chief Margrethe Vestager warned Apple to give equal treatment to all apps, including its own, for the upcoming App Tracking Transparency feature.
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and updates, and explains Private Click Measurement and why it matters.
Charlotte Henry joins host Kelly Guimont to chat Apple’s latest TV+ nominations and what Apple means when they talk about privacy (it’s Facebook).
A report from Mark Gurman suggests that Google could add the App Tracking Transparency privacy feature to Android. But it wouldn’t be as private since Google is ultimately an advertising company.
A Google solution is likely to be less strict and won’t require a prompt to opt in to data tracking like Apple’s, the people said […] To keep advertisers happy while improving privacy, the discussions around Google’s Android solution indicate that it could be similar to its planned Chrome web browser changes.
In other words, why even bother?
Sign In with Apple lets you create accounts with your Apple ID for apps that support it. Its “Hide My Email” feature protects your email by forwarding emails to your actual email. SimpleLogin does the same; it lets you create random email aliases that forward emails to your true email address. This open source alternative to Sign In with Apple helps you keep your email safe from newsletters, websites, and more. It’s free to download and use and there is an optional subscription for advanced features like custom domains, unlimited aliases, or a catch-all alias.
Apple is introducing a new technology called Private Click Measurement to give online advertisers a way to measure ads privately.
In response to an iOS 14 feature that makes developers ask user consent to use their data, Facebook wants to remind people just how beleaguered it really is.
In the post, Facebook says that if users accept the prompts for Facebook and Instagram, the ads you see on those apps won’t change. “If you decline, you will still see ads, but they will be less relevant to you.” The tech giant notes that Apple has said that providing education about its new privacy changes is allowed.
To me, the most offensive part about this isn’t Facebook pretending to care about “businesses other than itself that rely on ads to reach products customers.” It’s how it says “This won’t give us access to new types of information.”
For Data Privacy Day 2021, companies with private products like Tresorit, ProtonMail, Threema, and Tutanota, have issued a joint statement about proposed laws about backdoored encryption.
[…] encryption is an absolute, data is either encrypted or it isn’t, users have privacy or they don’t. The desire to give law enforcement more tools to fight crime is obviously understandable. But the proposals are the digital equivalent of giving law enforcement a key to every citizens’ home and might begin a slippery slope towards greater violations of personal privacy.
iOS 14 added App Store privacy labels as a way for developers to disclose the data their apps collect. But some of these labels may be inaccurate.
In Thursday’s update to developers, Apple says it will enhance SKAdNetwork and add Private click Measurement support for apps.
I’ve been hesitant to keep sharing these stories. At the time this news first appeared I was skeptical, saying that we just got over the holidays so give Google a break. But as the days turn into weeks, this is when it does start to look damning and now it’s time to give Google some heat.
On January 5, Google told TechCrunch that the data would be added to its iOS apps “this week or the next week,” but both this week and the next week have come and gone with no update. It has now been well over a month since Google last updated its apps.
Dating app Bumble filed its IPO on Friday with the U.S. Securities and Exchange Commission, mentioning iOS 14 privacy as a potential risk.
Andrew Orr joins host Kelly Guimont to discuss Security Friday news and how January is a good time to review all those Sign In With… buttons.
Facebook sent an email to its advertising customers saying that it has no choice but to comply with iOS 14’s App Tracking Transparency.
Intel released a new technology called RealSense ID on Wednesday. It’s a device for facial authentication that can be used in various devices.
The last update for Google’s iOS apps was on December 7, one day before App Store privacy labels went into effect. Is Google delaying the inevitable?
As for why Google might be trying to delay revealing its privacy label information, it’s possible the company saw all the bad press Facebook got when the social media giant was forced to reveal all the ways its apps track users, and the press and social media reactions spooked the company. Facebook Messenger’s privacy labels are horrifyingly long, for example.
For this one I’m going with a modified version of Hanlon’s Razor: “Never attribute to malice that which is adequately explained by the holidays.” I haven’t gotten updates for a bunch of other apps, either.
Andrew Orr and Charlotte Henry (aka Team Nightmare) join host Kelly Guimont to discuss their standout moments of 2020 and send it off properly.
Apple, Google, Microsoft, and Mozilla are teaming up to ban a root certificate used by the Kazakhstan government to decrypt HTTPS traffic for residents in the country’s capital, the city of Nur-Sultan.
Kazakh officials justified their actions claiming they were carrying out a cybersecurity training exercise for government agencies, telecoms, and private companies.
The government’s explanation did, however, make zero technical sense, as certificates can’t prevent mass cyber-attacks and are usually used only for encrypting and safeguarding traffic from third-party observers.
Facebook’s latest move is to display banners in its business apps saying there will be an impact to marketing efforts. In this case, the “users” that Mr. Espósito refers to in his article are the actual users—the advertisers. This banner is seen in Facebook Business Suite and Facebook Ads. The problem with Facebook’s argument though is that, like Tim Cook tweeted, they can still track you across all the apps like before. What angers Mark Zuckerberg is user consent (sorry, product consent, products being the people that use Facebook).
The fact that Facebook is now showing these messages in its iOS apps criticizing Apple demonstrates that the company is trying to get popular appeal to change Apple’s mind about its new App Store privacy rules.
Apple has a new 20-page guide available called Device and Data Access when Personal Safety is at Risk.
Bryan Chaffin and Dave Hamilton join host Kelly Guimont to discuss the latest back and forth between Apple and Facebook over user privacy.
Apple has hit back at Facebook and defended its stance on iOS privacy, following adverts in major newspapers from the social media giant.
Good news for users of Signal. The app now supports group video calls, and they are end-to-end encrypted like the rest of the app’s communications.
Now when you open a group chat in Signal, you’ll see a video call button at the top. When you start a call, the group will receive a notification letting them know a call has started.
When you start or join a group call, Signal will display the participants in a grid view. You can also swipe up to switch to a view that automatically focuses the screen on who is speaking, and it will update in real time as the active speaker changes.
