When surveillance meets incompetence


This post is by Devin Coldewey from TechCrunch






Last week brought an extraordinary demonstration of the dangers of operating a surveillance state — especially a shabby one, as China’s apparently is. An unsecured database exposed millions of records of Chinese Muslims being tracked via facial recognition — an ugly trifecta of prejudice, bureaucracy, and incompetence.

The security lapse was discovered by Victor Gevers at the GDI Foundation, a security organization working in the public’s interest. Using the infamous but useful Shodan search engine, he found a MongoDB instance owned by the Chinese company SenseNets that stored an ever-increasing number of data points from a facial recognition system apparently at least partially operated by the Chinese government.

Many of the targets of this system were Uyghur Muslims, an ethnic and religious minority in China that the country has persecuted in what it considers secrecy, isolating them in remote provinces in what amount to religious gulags.

This database was


Continue reading “When surveillance meets incompetence”

India’s state gas company leaks millions of Aadhaar numbers


This post is by Zack Whittaker from TechCrunch






Another security lapse has exposed millions of Aadhaar numbers.

This time, India’s state-owned gas company Indane left exposed a part of its website for dealers and distributors, even though it’s only supposed to be accessible with a valid username and password. But the part of the site was indexed in Google, allowing anyone to bypass the login page altogether and gain unfettered access to the dealer database.

The data was found by a security researcher who asked to remain anonymous for fear of retribution from the Indian authorities. Aadhaar’s regulator, the Unique Identification Authority of India (UIDAI), is known to quickly dismiss reports of data breaches or exposures, calling critical news articles “fake news,” and threatening legal action and filing police complaints against journalists.

Baptiste Robert, a French security researcher who goes by the online handle Elliot Alderson and has prior experience investigating Aadhaar exposures, investigated the exposure and provided

Continue reading “India’s state gas company leaks millions of Aadhaar numbers”

VPN protocol WireGuard now has an official macOS app


This post is by Romain Dillet from TechCrunch






WireGuard could be the most promising VPN protocol in years. It lets you establish a connection with a VPN server that is supposed to be faster, more secure and more flexible at the same time. The developers launched a brand new app in the Mac App Store today.

WireGuard isn’t a VPN service, it’s a VPN protocol, just like OpenVPN or IPsec. The best thing about it is that it can maintain a VPN connection even if you change your Wi-Fi network, plug in an Ethernet cable or your laptop goes to sleep.

But if you want to use WireGuard for your VPN connection you need to have a VPN server that supports it, and a device that supports connecting to it. You can already download the WireGuard app on Android and iOS, but today’s release is all about macOS.

The team behind WireGuard has been working

Continue reading “VPN protocol WireGuard now has an official macOS app”

Daily Crunch: Stop repeating this privacy lie


This post is by Anthony Ha from TechCrunch






The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Stop saying, ‘We take your privacy and security seriously’

Zack Whittaker says that in his years covering cybersecurity, there’s one variation of the same lie that floats above the rest: “We take your privacy and security seriously.”

The truth is, most companies don’t care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen. And when they use this line, it shows that they don’t know what to do next.

2. SeaBubbles shows off its ‘flying’ all-electric boat in Miami

We were promised flying cars but, as it turns out, “flying” boats were easier to build. And by “flying,” I mean “raising the


Continue reading “Daily Crunch: Stop repeating this privacy lie”

Stop saying, “We take your privacy and security seriously”


This post is by Zack Whittaker from TechCrunch






In my years covering cybersecurity, there’s one variation of the same lie that floats above the rest. “We take your privacy and security seriously.”

You might have heard the phrase here and there. It’s a common trope used by companies in the wake of a data breach — either in a “mea culpa” email to their customers or a statement on their website to tell you that they care about your data, even though in the next sentence they all too often admit to misusing or losing it.

The truth is, most companies don’t care about the privacy or security of your data. They care about having to explain to their customers that their data was stolen.

I’ve never understood exactly what it means when a company says it values my privacy. If that were the case, data hungry companies like Google and Facebook, which sell data about you

Continue reading “Stop saying, “We take your privacy and security seriously””

UK parliament calls for antitrust, data abuse probe of Facebook


This post is by Natasha Lomas from TechCrunch






A final report by a British parliamentary committee which spent months last year investigating online political disinformation makes very uncomfortable reading for Facebook — with the company singled out for “disingenuous” and “bad faith” responses to democratic concerns about the misuse of people’s data.

In the report, published today, the committee has also called for Facebook’s use of user data to be investigated by the UK’s data watchdog.

In an evidence session to the committee late last year, the Information Commissioner’s Office (ICO) suggested Facebook needs to change its business model — warning the company risks burning user trust for good.

Last summer the ICO also called for an ethical pause of social media ads for election campaigning, warning of the risk of developing “a system of voter surveillance by default”.

Interrogating the distribution of ‘fake news’

The UK parliamentary enquiry looked into both Facebook’s own use of personal

Continue reading “UK parliament calls for antitrust, data abuse probe of Facebook”

What business leaders can learn from Jeff Bezos’ leaked texts


This post is by Jonathan Shieber from TechCrunch






The ‘below the belt selfie’ media circus surrounding Jeff Bezos has made encrypted communications top of mind among nervous executive handlers. Their assumption is that a product with serious cryptography like Wickr – where I work – or Signal could have helped Mr. Bezos and Amazon avoid this drama.

It’s a good assumption, but a troubling conclusion.

I worry that moments like these will drag serious

Continue reading “What business leaders can learn from Jeff Bezos’ leaked texts”

Even years later, Twitter doesn’t delete your direct messages


This post is by Zack Whittaker from TechCrunch






When does “delete” really mean delete? Not always or even at all if you’re Twitter.

Twitter retains direct messages for years, including messages you and others have deleted, but also data sent to and from accounts that have been deactivated and suspended, according to security researcher Karan Saini.

Saini found years-old messages in a file from an archive of his data obtained through the website from accounts that were no longer on Twitter. He also filed a similar bug, found a year earlier but not disclosed until now, that allowed him to use a since-deprecated API to retrieve direct messages even after a message was deleted from both the sender and the recipient — though the bug wasn’t able to retrieve messages from suspended accounts.

Saini told TechCrunch that he had “concerns” that the data was retained by Twitter for so long.

Direct messages once let users “unsend”

Continue reading “Even years later, Twitter doesn’t delete your direct messages”

Reddit says government data requests more than doubled in 2018


This post is by Zack Whittaker from TechCrunch






Reddit has said the number of government requests for user data more than doubled in 2018 compared with the previous year.

The news and content sharing site said in its latest transparency report, posted Wednesday, that it received 752 requests from governments during the year, up from 310 requests a year earlier.

Broken down, that’s 171 requests to preserve account data — up from 79 requests in 2017; and 581 requests to produce user data — up from 231 requests.

Reddit said it complied with 77 percent of requests to turn over user data, and 91 percent of preservation requests. However, the company says it “only processes preservation requests” that originate in the U.S.

For the year, the company said it was asked by the U.S. government to remove “an image and a large volume of comments made underneath it for potential breach of a federal

Continue reading “Reddit says government data requests more than doubled in 2018”

A new Congress means a new opportunity for consumer privacy protections


This post is by Jonathan Shieber from TechCrunch






The 2018 mid-term elections, for the first time in U.S. history, resulted in a Congress that has the look and feel of America…our very diverse America. There are now 102 women serving in Congress and a record number of Members representing all Americans. Our Members now represent the African American, Hispanic, LGBTQ, and interfaith communities.

Thirteen new members are under the age of 35. This evolution of the legislative branch provides an opportunity to represent the best interests of all consumers. In our digital world, what is it that consumers, from each and every community represented by this new diverse Congress, have asked for? Online privacy protections.

Continue reading “A new Congress means a new opportunity for consumer privacy protections”

In healthcare, better data demands better privacy protections


This post is by David Riggs from TechCrunch






In August 2016, the Australian government released to the public a data set containing the medical billing history of nearly three million persons: every procedure they had undergone or prescription they had received. Needless to say, their names and all other identifying features had been redacted.

Nevertheless, within a few weeks a group of researchers at the University of Melbourne discovered how easy it was to re-identify the individuals in this ostensibly anonymous data set and extract their medical history. The researchers did this by using information readily available on the internet.

The media coverage of their paper bordered on hysteria; the Australian government was forced to

Continue reading “In healthcare, better data demands better privacy protections”

Amazon buys Eero: What does it mean for your privacy?


This post is by Zack Whittaker from TechCrunch






In case you hadn’t seen, Amazon is buying router maker Eero. And in case you hadn’t heard, people are pretty angry.

Deluged in a swarm of angry tweets and social media posts, many have taken to reading tea leaves to try to understand what the acquisition means for ordinary privacy-minded folks like you and me. Not many had much love for Amazon on the privacy front. A lot of people like Eero because it wasn’t attached to one of the big tech giants. Now that it’s to be part of Amazon, some are anticipating the worst for their privacy.

Of the many concerns we’ve seen, the acquisition boils down to a key concern: “Amazon shouldn’t have access to all internet traffic.”

Rightfully so! It’s bad enough that Amazon wants to put a listening speaker in every corner of our home. How worried should you be that Amazon flips the switch on


Continue reading “Amazon buys Eero: What does it mean for your privacy?”

Is Europe closing in on an antitrust fix for surveillance technologists?


This post is by Natasha Lomas from TechCrunch






The German Federal Cartel Office’s decision to order Facebook to change how it processes users’ personal data this week is a sign the antitrust tide could at last be turning against platform power.

One European Commission source we spoke to, who was commenting in a personal capacity, described it as “clearly pioneering” and “a big deal”, even without Facebook being fined a dime.

The FCO’s decision instead bans the social network from linking user data across different platforms it owns, unless it gains people’s consent (nor can it make use of its services contingent on such consent). Facebook is also prohibited from gathering and linking data on users from third party websites, such as via its tracking pixels and social plugins.

The order is not yet in force, and Facebook is appealing, but should it come into force the social network faces being de facto shrunk by having its platforms

Continue reading “Is Europe closing in on an antitrust fix for surveillance technologists?”

Apple tells app developers to disclose or remove screen recording code


This post is by Zack Whittaker from TechCrunch






Apple is telling app developers to remove or properly disclose their use of analytics code that allows them to record how a user interacts with their iPhone apps — or face removal from the company’s app store, TechCrunch can confirm.

In an email, an Apple spokesperson said: “Protecting user privacy is paramount in the Apple ecosystem. Our App Store Review Guidelines require that apps request explicit user consent and provide a clear visual indication when recording, logging, or otherwise making a record of user activity.”

“We have notified the developers that are in violation of these strict privacy terms and guidelines, and will take immediate action if necessary,” the spokesperson added.

It follows an investigation by TechCrunch that revealed major companies, like Expedia, Hollister, and Hotels.com, were using a third-party analytics tool to record every tap and swipe inside the app. We found that none of the apps we tested

Continue reading “Apple tells app developers to disclose or remove screen recording code”

Apple to compensate teenager who found Group FaceTime eavesdrop bug


This post is by Zack Whittaker from TechCrunch






Apple has said it will compensate the teenager who first found a security bug in Group FaceTime that allowed users to eavesdrop before a call was picked up.

The bug was initially reported to Apple by 14-year-old Grant Thompson and his mother, but the family struggled to get in contact with the company before the bug was discovered elsewhere and went viral on social media.

The payout will fall under Apple’s bug bounty, which incentivizes security researchers to claim a reward for privately submitting security bugs and vulnerabilities to the company. Apple will also offer an unspecified additional gift to Thompson’s education.

“In addition to addressing the bug that was reported, our team conducted a thorough security audit of the FaceTime service and made additional updates to both the FaceTime app and server to improve security,” an Apple spokesperson told TechCrunch. “This includes a previously unidentified vulnerability in the Live Photos feature of FaceTime.”

Continue reading “Apple to compensate teenager who found Group FaceTime eavesdrop bug”

German antitrust office limits Facebook’s data-gathering


This post is by Natasha Lomas from TechCrunch






A lengthy antitrust probe into how Facebook gathers data on users has resulted in Germany’s competition watchdog banning the social network giant from combining data on users across its own suite of social platforms without their consent.

The investigation of Facebook data-gathering practices began in March 2016.

The decision by Germany’s Federal Cartel Office, announced today, also prohibits Facebook from gathering data on users from third party websites — such as via tracking pixels and social plug-ins — without their consent.

The decision does not yet have legal force, however, and Facebook has said it’s appealing. The BBC reports that the company has a month to challenge the decision before it comes into force in Germany.

In both cases — i.e. Facebook collecting and linking user data from its own suite of services; and from third party websites — the Bundeskartellamt asserts that consent to data processing must be

Continue reading “German antitrust office limits Facebook’s data-gathering”

Many popular iPhone apps secretly record your screen without asking


This post is by Zack Whittaker from TechCrunch






Many major companies, like Air Canada, Hollister and Expedia, are recording every tap and swipe you make on their iPhone apps. In most cases you won’t even realize it. And they don’t need to ask for permission.

You can assume that most apps are collecting data on you. Some even monetize your data without your knowledge. But TechCrunch has found several popular iPhone apps, from hoteliers, travel sites, airlines, cell phone carriers, banks and financiers, that don’t ask or make it clear — if at all — that they know exactly how you’re using their apps.

Worse, even though these apps are meant to mask certain fields, some inadvertently expose sensitive data.

Apps like Abercrombie & Fitch, Hotels.com and Singapore Airlines also use Glassbox, a customer experience analytics firm, one of a handful of companies that allows developers to embed “session replay” technology into their apps. These session replays let

Continue reading “Many popular iPhone apps secretly record your screen without asking”

Europe’s highest human rights court to hear challenge to UK’s bulk surveillance regime


This post is by Natasha Lomas from TechCrunch






The Grand Chamber of the European Court of Human Rights (ECHR) has agreed to hear a legal challenge to the use of bulk data collection surveillance powers by UK intelligence agencies.

Last September a lower chamber of the ECHR ruled that UK surveillance practices violated human rights law but did not find bulk collection itself to be in violation of the convention.

The civil and digital groups and charities behind the challenge, which include Liberty, Privacy International and Amnesty International, are hoping for a definitive judgement against bulk collection from Europe’s highest human rights court.

The legal challenge dates back around five years, and stems from the 2013 disclosures of government surveillance programs revealed by NSA whistleblower Edward Snowden.

The ECHR’s lower court heard an amalgam of complaints from three cases. And in a landmark judgement last fall it found the UK’s bulk interception regime had violated Article 8 of

Continue reading “Europe’s highest human rights court to hear challenge to UK’s bulk surveillance regime”

Why no one really quits Google or Facebook


This post is by Danny Crichton from TechCrunch






Another week, another set of scandals at Facebook and Google. This past week, my colleagues reported that Facebook and Google had abused Apple enterprise developer certificates in order to distribute info-scraping research apps, at times from underage users in the case of Facebook. Apple responded by cutting off both companies from developer accounts, before shortly restoring them.

The media went into overdrive over the scandals, as predictable as the companies’ statements that they truly care about users and their privacy. But will anything change?

I think we know the answer to this question: no. And it is never going to change because the vast majority of users just don’t care one iota about privacy or these scandals.

Privacy advocates will tell you that the lack of a wide boycott against Google and particularly Facebook is symptomatic of a lack of information: if people really understood what was happening with

Continue reading “Why no one really quits Google or Facebook”