Romanian security company Bitdefender found that Amazon Ring doorbell cameras were leaking customer data like Wi-Fi credentials.
Bitdefender researchers have discovered an issue in Amazon’s Ring Video Doorbell Pro IoT device that allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a larger attack against the household network.
At the moment of publishing this paper, all Ring Doorbell Pro cameras have received a security update that fixes the issue described herein.
You can view the whitepaper [PDF] here.
Today Facebook launched Portal video chatting devices that definitely won’t be used to spy on you and your loved ones. They will let Facebook users watch television together over a video call. Andrew Bosworth, VP of AR/VR at Facebook, said:
I think that in a couple years’ time, if you have a smart streaming device that doesn’t have a camera allowing you to video call people, you’re not going to have a competitive product. I think this is the killer feature for a device like this.
Bosworth also touted privacy protections like local processing of smart features on the devices, which means most user data will not be sent back to Facebook servers.
Yes, I know how shocked you are folks. As it turns out, Facebook lied about yet another thing: It totally collects your location data, and admitted that fact itself in a blog post.
For years the antisocial media giant has claimed it doesn’t track your location, insisting to suspicious reporters and privacy advocates that its addicts “have full control over their data,” and that it does not gather or sell that data unless those users agree to it.
Then, late on Monday, Facebook emitted a blog post in which it kindly offered to help users “understand updates” to their “device’s location settings.”
You may have missed the critical part amid the glowing testimony so we’ll repeat it: “… use precise location even when you’re not using the app…”
Quote from a TMO reader: “Hoping that FB will somehow become secure is as much magical thinking as expecting a wild pig to perform the role Juliet for Bolshoi.”
Bryan Chaffin and Dave Hamilton join host Kelly Guimont to discuss San Francisco’s current debate over facial recognition software.
The folks at Mind Chasers put together a constantly-updating list of Big Tech companies that spy on you, with examples.
Below is a listing of articles documenting various spying incidents, capabilities, and vulnerabilities that you may not already know. Maybe it will help drive home that our society has a big problem and make you think twice before you order your next connected device that’s built to spy on you.
This is a great resource to bookmark.
Google Stadia looks likely to shake up the gaming world, but there’s more than one way to skin a gaming cat, and Apple is focused on AR. Bryan Chaffin is joined by guest cohost Andrew Orr to discuss how those different tracts might fare. They also talk about the good sides of corporate data surveillance, and yes, they will both forgive you if you are surprised either would entertain such a notion.
At the Mobile World Congress 2019, Microsoft CEO Satya Nadella echoed publicly the notions of Apple’s Tim Cook on customer privacy. Computerworld’s Jonny Evans has the story.
Nadella’s Microsoft seems to be moving in a similar direction as the old guard of more responsible technologists join forces to combat the unintended consequences of tech firms who have moved fast and loose in their treatment and support for user privacy.
Evans concludes: “Ultimately, it’s all about trust.”
The Nest Secure smart home hub has had a secret microphone this whole time. But poor Google just plain forgot to tell us.
On Tuesday, a Google spokesperson told Business Insider the company had made an “error.” “The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part,” the spokesperson said.
Silly Google, tricks are for kids. Also, get a HomePod.
This website is a hub with links for over 40 companies to opt out of data sharing practices they have.
Simple Opt Out is drawing attention to opt-out data sharing and marketing practices that many people aren’t aware of (and most people don’t want), then making it easier to opt out.
At some point I’m definitely going down the list to see which companies I can opt out from.
In this episode, Bryan Chaffin and Jeff Gamet make an announcement about ACM. They also talk about the cool horror of BostonDynamics’s twerking dogbot. Oh, and Facebook Portal…please. No. Just, please no. The also take a look at some listener email.
In addition to being completely open source and transparent, this device includes hardware kill switches for camera, microphone, WiFi/Bluetooth and cellular baseband modem.
Writing for Inverse, Matthew Phelan says that a cryptographic ledger could hold the key to prevent surveillance dystopia.
The California Consumer Privacy Act of 2018 has passed the California State Legislature and is headed to Governor Jerry Brown’s desk, where he is expected to sign it.
If you’ve been wondering what all the fuss was about augmented reality, Bryan Chaffin and Jeff Gamet have an AR Demo for you to see. They also take time out from ranting about being the product to talk frankly about the benefits of surveillance capitalism.
Alexa’s been getting a bit presumptuous*, it seems, having recorded a conversation taking place in the background, bundling it up nicely, and packing it off to a friend of her owner.
Warning, this one went long: Bryan Chaffin and Jeff Gamet discuss what Apple’s share buybacks say about Apple’s future. They also weigh WhatsApp’s founder leaving Facebook, and what it says about Facebook and Mark Zuckerberg. They go over when diving into Google Duplex, a demonstration that was as awesome as it was devoid of real value.
Mr. Cook’s comments came in the wake of news that Facebook profile data was used in ways that violate Facebook terms of service, and that Facebook knew about the privacy breach and didn’t tell users.
For years, civil libertarians have fretted and worried about the eyes of the state encroaching on our privacy, but it turns out that we, the people, have opted to surveil ourselves.
MWR Labs was able to open a first generation Amazon Echo and add permanent code to the firmware that streamed live audio from the always-listening microphones to remote services.
Unsurprisingly, Samsung’s crappy iris scanner on the Galaxy S8 has been defeated. Worse, defeating it is easy. Bryan and Jeff think it’s a joke and another example of Samsung’s delusions of relevance. They also discuss Bryan’s theory that PC makers can’t compete with Apple’s MacBook with me-too design, and say that surveillance capitalists being honest about spying on your doesn’t make their spying OK.