WebProNews

Category: CybersecurityUpdate

  • Zoom Charts Path Toward End-to-End Encryption For All Users

    Zoom is adding end-to-end encryption (E2EE) for all users, reversing a decision made just weeks ago to reserve the highest security for paid plans.

    Zoom has been in hot water more than once in recent months over its encryption claims and policies. Originally, the company’s marketing led customers to believe it provided E2EE when it did not. Once the company finally rolled out the upgraded encryption, it said it would only be for paid subscribers.

    The rationale for the decision was that free plans were more likely to be used for illegal activities, and the company wanted to be able to work with the FBI and local law enforcement. Needless to say, the stand was not a popular one.

    It appears the company has changed direction, and charted what it believes will be a compromise solution that will allow it to offer E2EE to free users.

    “To make this possible, Free/Basic users seeking access to E2EE will participate in a one-time process that will prompt the user for additional pieces of information, such as verifying a phone number via a text message,” writes CEO Eric S. Yuan. “Many leading companies perform similar steps on account creation to reduce the mass creation of abusive accounts. We are confident that by implementing risk-based authentication, in combination with our current mix of tools — including our Report a User function — we can continue to prevent and fight abuse.”

    The move is a measured solution that will likely satisfy most critics.

  • Ransomware Attack Shuts Down Knoxville’s Network

    Knoxville, TN has suffered a major ransomware attack, forcing it to shut down its entire network.

    According to BleepingComputer, a notice was sent out to city employees Thursday morning informing them of the issues.

    “Please be advised that our network has been attacked with ransomware,” reads the notice.

    “Information Systems is currently following recommended protocols. This includes shutting down servers, our internet connections, and PCs. Please do not log in to the network or use computer applications at this time.”

    So far, Knox County government computers were not impacted. Police and fire department operations are intact, although neither can access the network.

    As BleepingComputer points out, no group has yet claimed responsibility, although the FBI is investigating the incident. At the same time, officials said no personal data or credit card information was accessed or stolen.

    Ransomware has become one of the biggest threats to online security, with attacks costing the US an estimated $7.5 billion in 2019. Knoxville is just the latest example of the problems these attacks can cause.

  • Microsoft Joins IBM & Amazon, Won’t Sell Facial Recognition Tech to Police

    Microsoft has become the third major tech company to announce it will not sell facial recognition technology to police.

    In the wake of George Floyd’s death, the US has been gripped by mass protests, with protesters, civil rights leaders, critics and politicians alike calling for police and social justice reform. Companies are also taking a fresh look at how the technology they invent is being used by police.

    IBM was the first major company to announce a moratorium on selling facial recognition software to police, with Amazon quickly following suit. Now Microsoft has made a similar announcement.

    “We will not sell facial-recognition technology to police departments in the United States until we have a national law in place, grounded in human rights, that will govern this technology,” company president Brad Smith told The Washington Post.

    IBM and Amazon likewise called on government to better regulate the technology. Facial recognition software is particularly vulnerable to abuse, as studies have shown it struggles to be unbiased when factoring in age, race and sex.

    While the government has yet to put strong safeguards in place, it seems tech companies are now self-regulating to an unprecedented degree.

  • UK/Huawei Showdown Heats Up

    The ongoing showdown over the UK’s decision to revisit Huawei’s role in the country’s 5G network is heating up.

    In contrast to the US, Australia and New Zealand, the UK is the only one of the so-called “Five Eyes” alliance of countries that formally decided to include Huawei in its 5G network plans, albeit in a limited role. Meanwhile, the fifth member of the Five Eyes, Canada, is still undecided.

    Ultimately, however, multiple factors have forced the UK to revisit its initial decision. US officials have warned that involving Huawei in its network would force the US to reconsider its military and intelligence assets within the UK. On top of that, the US has taken measures to limit Huawei’s access to the semiconductor chips it needs for its equipment, further endangering the UK’s plans.

    Now that the UK is officially reviewing the decision, parties on both sides are mounting increasing pressure. According to CNBC, NATO Secretary General Jens Stoltenberg has come out in favor of the UK’s security review, telling BBC radio “I trust that the U.K. government will design their networks in ways that protect the networks and make sure that the U.K. has secure 5G networks.”

    On the flip side, Huawei is pulling out the stops to win over public opinion. According to the BBC, the Chinese company is engaging in a newspaper and internet media blitz to remind the British public that it has been in business in the UK for some 20 years.

    Ultimately, there will be winners and losers regardless of what the UK decides. If it continues with its plans to include Huawei, it risks its “special relationship” with the US. If, on the other hand, it bans Huawei as the US has done, it risks alienating one of its biggest trading partners.

  • Amazon Follows IBM, Bans Police Use of Rekognition

    Amazon has announced a one-year moratorium on police use of its facial recognition software, Rekognition.

    IBM previously announced it was ending the sale of general purpose facial recognition software in an effort to support civil rights and police reform. Now Amazon is following suit, banning police use of its own facial recognition software for one year.

    Amazon’s statement, in its entirety, reads:

    We’re implementing a one-year moratorium on police use of Amazon’s facial recognition technology. We will continue to allow organizations like Thorn, the International Center for Missing and Exploited Children, and Marinus Analytics to use Amazon Rekognition to help rescue human trafficking victims and reunite missing children with their families.

    We’ve advocated that governments should put in place stronger regulations to govern the ethical use of facial recognition technology, and in recent days, Congress appears ready to take on this challenge. We hope this one-year moratorium might give Congress enough time to implement appropriate rules, and we stand ready to help if requested.

    When IBM announced its decision, we wrote: “In the wake of recent events, however, it’s likely IBM won’t be the only company to take such a stand.”

    Amazon has proved that statement true, and it will likely not be the last company to do so.

  • Signal Now Allows Chat History Transfer on iOS

    Secure messaging app Signal has added the ability to transfer one’s chat history on iOS devices.

    Signal is a popular messaging app that is widely considered to be the most secure messaging platform available. It is used by Edward Snowden, and even Senate staff are encouraged to use it.

    One glaring issue on iOS has been the inability to transfer your chat history to a new device. Instead, moving to a new device meant leaving behind all your Signal threads (this writer can personally attest to how frustrating it was). Now, however, it seems Signal has finally brought this feature to iOS.

    “Signal iOS now includes a new feature that makes it possible to switch to a brand-new iPhone or iPad while securely transferring Signal information from your existing iOS device,” writes Nora Trapp on Signal’s blog. “As with every new Signal feature, the process is end-to-end encrypted and designed to protect your privacy. Transfers also occur over a local connection (similar to AirDrop), so even large migrations can be completed quickly.”

    The only caveat is the transfer process requires access to the old phone, so it won’t work if it has been sold, lost or stolen. As long as you still have the old phone, however, simply install Signal on the new phone and go through the registration process. After entering your number, the app will ask if you want to transfer your messages from your old device. If you opt to migrate, your old phone will provide a migration prompt, while the new phone will generate a QR code. Scan the QR code on the new phone with the old one and the transfer will begin.

    This is excellent news for Signal fans and eliminates one of the few pain points associated with having the most secure communication possible.

  • Honda Partially Halts Production Due to Cyberattack

    Honda has had to halt production at some of its facilities as a result of a cyberattack.

    Honda’s car factories in Ohio and Turkey, and its motorcycle plants in South America and India, have been forced to stop production because of what appears to be the SNAKE ransomware, reports Bloomberg.

    This particular variant seems targeted specifically at Honda. According to Bleeping Computer, “a security researcher named Milkream has found a sample of the SNAKE (EKANS) ransomware submitted to VirusTotal today that checks for the internal Honda network name of ‘mds.honda.com’.”

    In good news for the company, its Japanese facilities were not impacted. What’s more, it does not appear there was an information breach, nor does any personal information appear to have been accessed.

    While the impact to Honda will likely be minimal, this latest attack illustrates the ongoing battle against ransomware. It’s estimated ransomware cost some $7.5 billion in 2019 alone. Needless to say, Honda and countless other companies will continue to be prime targets.

  • Java Ransomware Spotted In The Wild

    A Java-based ransomware that targets the software market and education sectors has been spotted in the wild by BlackBerry.

    The BlackBerry Research and Intelligence Team, working with KPMG’s UK Cyber Response Services, recently discovered the ransomware, dubbed “Tycoon.” The ransomware is written in Java and has been in the wild since at least December 2019.

    According to the researchers, “it is deployed in the form of a Trojanized Java Runtime Environment (JRE) and leverages an obscure Java image format to fly under the radar.”

    Once a computer has been infiltrated, the software encrypts files using an AES-256 algorithm. To make matters worse, the ransomware overwrites deleted files in each encryption path, ensuring they cannot be recovered without the decryption key.

    There are two spots of good news, however. First, it does not appear that the ransomware is widespread, leading the researchers to believe “the malware may be highly targeted.”

    Even better, it appears the hackers used the same encryption key repeatedly. As a result, some have had success using a decryption key purchased by one of the other victims.

    “Because of the use of asymmetric RSA algorithm to encrypt the securely generated AES keys, the file decryption requires obtaining the attacker’s private RSA key,” the researchers write. “Factoring a 1024-bit RSA key, although theoretically possible, has not been achieved yet and would require extraordinary computational power.

    “However, one of the victims seeking help on the BleepingComputer forum posted a private RSA key presumably coming from a decryptor the victim purchased from the attackers. This key has proven to be successful in decryption of some of the files affected by the earliest version of Tycoon ransomware that added the .redrum extension to the encrypted files.”

    Unfortunately, later versions of the malware use “.grinch” and “.thanos” as the file extensions, and the reused key does not work on those files.

  • IBM Unveils Homomorphic Encryption Toolkit for macOS and iOS

    IBM has unveiled a toolkit for developers to start implementing homomorphic encryption on macOS and iOS.

    Homomorphic encryption is an exciting evolution of encryption technology that allows authorized individuals to manipulate encrypted data without decrypting it. Any computations performed on the data will provide the same results as if they had been performed on an unencrypted copy.

    This has tremendous benefits to data security, as the decryption step is a weak point in the process. Once data is decrypted in traditional encryption methods, anything can happen to it. Homomorphic encryption, however, ensures it remains protected, while still being able to be used.

    “FHE is particularly suited to industries which are regulated and make use of private, confidential and ‘crown jewel’ data, such as finance and healthcare, since the technology can make it possible to share financial information or patient health records broadly while restricting access to all but the necessary data,” writes IBM’s Flavio Bergamaschi.

    While adopting homomorphic encryption will require rethinking the entire security process, its advantages would seem to be well worth it.

  • Messaging App Signal Adds Blur Tool

    Popular messaging app Signal has added blur tools to help protect the identities and privacy of people in photos.

    Signal is widely considered to be the most secure messaging platform on the planet. It uses end-to-end encryption and is open-source software. It is so secure that Edward Snowden uses it and the US Senate has urged senators and their aides to use it.

    Now the company is taking the next step, adding blur tools to help protect the identity of people in photos.

    “The latest version of Signal for Android and iOS introduces a new blur feature in the image editor that can help protect the privacy of the people in the photos you share,” writes Moxie Marlinspike, Signal’s creator and CEO. “Now it’s easy to give every face a hiding place, or draw a fuzzy trace over something you want to erase. Simply tap on the new blur tool icon to get started.”

    The new feature relies on the underlying libraries in iOS and Android. As a result, all of the processing is done on-device, ensuring absolute privacy. In the event the underlying libraries don’t detect a face and blur it automatically, the new tool can also be used to manually blur an area with the blur brush.

    This is an excellent upgrade to an already stellar application, and will surely see widespread use.

  • The Case For Paid Zoom Plans: Free Plans Don’t Have End-to-End Encryption

    Following Zoom’s addition of end-to-end encryption, the company’s CEO made it clear that only paying customers benefit from it.

    Zoom has become one of the dominant video communication platforms during the coronavirus pandemic, going from 10 million daily users to well over 200 million, and hitting 300 million at times. In spite of its dominance, Zoom has faced significant criticism for weak security. The company was forced to put a 90-day moratorium on new features, as it pivoted to security fixes.

    One of the biggest criticisms was the type of encryption Zoom used, with its marketing giving the impression it was end-to-end when, in fact, it was not. Zoom quickly moved to address the issue and offer true end-to-end encryption.

    In spite of that, not everyone will benefit from the upgrade. According to Bloomberg, in a call with analysts, CEO Eric Yuan indicated free users are out in the cold.

    “Free users for sure we don’t want to give that because we also want to work together with FBI, with local law enforcement in case some people use Zoom for a bad purpose,” said Yuan.

    The move is already receiving criticism and it will be interesting to see if Zoom sticks to its guns or upgrades free users as well.

  • Parachute Introduces Superlock, Prevents Others From Stopping Your Video

    Parachute has introduced a new feature, Superlock, that is designed to stop an unauthorized user from killing your live-streamed video.

    Parachute (then known as Witness) won grand prize at the TechCrunch Disrupt NY 2015 Hackathon. The app was designed as a virtual panic button, and was “initially inspired by a series of events where the outcome hinged on a chance recording by a nearby witness.”

    Now the company has introduced Superlock, adding a new layer of protection, especially in potentially high-risk situations.

    “Superlock is a very powerful add-on that is a game-changer for people who use Parachute in situations where there is risk of their phone being taken away from them by an attacker, police officer or other unauthorized person,” writes Marinos, Parachute CEO. “Superlock locks down Parachute, so someone who manages to get a hold of your phone will not be able to stop Parachute, even if they try to switch off your phone. Superlock keeps your phone locked while also continuing to record and live-stream your video, audio and location undisrupted.”

    The feature will likely gain widespread use, as its release coincides with the wide-scale protests over the death of George Floyd.

  • Majority of Users Don’t Change Passwords After Data Breach

    A new study has found the vast majority of users fail to change their passwords after being notified their data was impacted by a security breach.

    Virtually everyone has received an email from a credit agency, or a company whose products and services they use, informing them their data was compromised in a breach. Inevitably, those emails include recommendations to change their password. Unfortunately, it appears those warnings go largely unheeded.

    Sruti Bhagavatula and Lujo Bauer of Carnegie Mellon University, and Apu Kapadia of Indiana University Bloomington, conducted a study on the aftermath of data breaches, with the goal of helping companies better mitigate damage.

    According to the researchers, “only 21 of the 63 affected participants changed a password on a breached domain after the breach announcement.”

    To make matters even worse, “previous work has shown that, on average, a user exactly or partially reuses their passwords on over 50% of their accounts.”

    This means that many customers are not only at ongoing risk from the data breach directly impacting them, but their data on other, unrelated sites is also at risk because of reusing passwords.

    The study illustrates that companies need to do a far better job of helping customers choose more secure passwords, and engage them post-breach to help them update their passwords and information. Overall, the study is an in-depth look at the challenges companies face in order to better mitigate the impact of data breaches and is a must-read for any security professional.

  • ACLU Files Lawsuit Against Clearview AI

    The ACLU has filed a lawsuit in Illinois against facial recognition firm Clearview AI.

    Clearview AI made headlines when it was discovered the firm was scraping millions of websites, including the major social media platforms, to amass a database of billions of photos to pair with its facial recognition software. The company claimed it only made its service available to law enforcement and security personnel, but it was later discovered that was a lie. The company had also let friends and investors use its software for personal interests.

    In addition, Clearview has expanded internationally, including making deals with authoritarian regimes. To make matters even worse, there has been at least one instance where the company appeared to be monitoring law enforcement searches and using that information to dissuade police from talking with the press about Clearview.

    The ACLU has had enough and filed a lawsuit in the state of Illinois. Illinois is the perfect state to file the suit in, as it has strict Biometric Information Privacy Act (BIPA) legislation that has already been successfully used in court.

    In its lawsuit, the ACLU and companies joining it “are asking the court to order Clearview to delete faceprints gathered from Illinois residents without their consent and cease capturing new faceprints unless they comply with BIPA consent procedures. Until such remedies are implemented, Clearview’s egregious violations of privacy pose a disastrous threat and affront to our rights.”

    Here’s to hoping the ACLU is successful in suing Clearview AI into oblivion.

  • Britain Wants to Create 5G Alliance to Counter China

    Following ongoing issues with its decision to include Huawei in part of its 5G network, Britain is now interested in creating a 5G alliance to counter China.

    The US has banned Huawei over allegations it serves as part of Beijing’s spying apparatus. US officials have gone on to wage an intense campaign to convince their allies to do the same.

    The US’ closest ally, the UK, attempted to work out a compromise solution wherein Huawei would be allowed to participate in the country’s 5G network in a limited role. That move has caused the US to reevaluate military and intelligence assets in the UK. It’s the US’ latest move, however, to cut off Huawei’s chip supplies that may have forced the UK to reconsider its decision.

    According to the Times of London, British officials may be prepared to go farther, “seeking to forge an alliance of ten democracies to create alternative suppliers of 5G equipment and other technologies to avoid relying on China.

    “New concerns about Huawei, the Chinese telecoms giant, have increased the urgency of the plan after security officials began a review into its involvement in the mobile network upgrade.”

    It’s probably a safe bet the UK will be able to drum up the necessary support for a proposed alliance.

  • Arizona Sues Google For Collecting Location Data After Users Opt Out

    Arizona Attorney General Mark Brnovich has filed a lawsuit against Google, claiming the search giant collects location data even after users opt out.

    Google has been under increasing scrutiny, both in the US and Europe, over its privacy practices. Arizona is the latest to take the search giant to task, claiming it is illegally collecting information on its users.

    “While Google users are led to believe they can opt-out of location tracking, the company exploits other avenues to invade personal privacy,” said Attorney General Mark Brnovich. “It’s nearly impossible to stop Google from tracking your movements without your knowledge or consent. This is contrary to the Arizona Consumer Fraud Act and even the most innovative companies must operate within the law.”

    The Arizona AG began its investigation in 2018, in the wake of an Associated Press article calling Google out for blatantly lying to its users about when their data was being collected. That report proved that Google continued to track users, despite telling them their location would not be stored if Location History was turned off. Instead, the company simply used one of any number of other methods to continue tracking their customers’ locations.

    In the course of the investigation, Arizona discovered “that Google uses deceptive and unfair practices to collect as much user information as possible and makes it exceedingly difficult for users to understand what’s being done with their data, let alone opt-out.”

    It will be interesting to see how Google responds although, looking at the court filing, it appears the Arizona AG has meticulously built a solid case.

  • Google Scores Defense Innovation Unit Contract

    While Microsoft and Amazon battle it out in court over one Department of Defense (DOD) contract, Google has secured a contract of its own.

    The Defense Innovation Unit (DIU) is an organization within the DOD that helps the military innovate by adopting commercial software. As a result, the DIU helps prototype, deploy and scale commercial solutions to meet needs within the military.

    The DIU has selected Google Cloud to build a secure cloud management solution based on Anthos, providing a multi-cloud approach that is managed from Google Cloud Console. Google Cloud will also use Istio for secure communication and Netskope for cloud security. This will allow the DIU to run web apps on multiple clouds, including Google Cloud, AWS and Microsoft Azure, and help the organization combat cyber threats worldwide.

    “Google Cloud is a pioneer in ‘zero trust’ security and in deploying innovative approaches to protecting and securing networks worldwide,” said Mike Daniels, Vice President, Global Public Sector, Google Cloud. “We’re honored to partner with DIU on this critical initiative to protect its network from bad actors that pose threats to our national security.”

    “Government agencies shouldn’t have to choose between security and throughput,” said Beau Hutto, VP Public Sector, Netskope. “Netskope is a leader in providing complete visibility and control for managed and unmanaged applications. This secure cloud management solution will help the DIU maintain vigilance, while also helping it seamlessly manage applications in service of its mission.”

  • Qatar Demonstrates Danger of Contact Tracing Apps

    A major security vulnerability left Qatari citizens open to having highly sensitive, personal information stolen.

    Qatar is one of the many countries that has rolled out a contact tracing app. Contact tracing is widely considered to be one of the keys to getting a handle on the coronavirus pandemic. Unfortunately, there is tremendous potential for an app to be abused, or for poor security to open users up to hackers and scammers. For example, North Dakota’s Care19 app was recently discovered to be sharing location data with FourSquare.

    Qatar’s app is now the latest to have an issue, with Amnesty International’s Security Lab discovering a serious vulnerability that “would have allowed cyber attackers to access highly sensitive personal information, including the name, national ID, health status and location data of more than one million users.”

    To make matters worse, the Qatari contact tracing app is mandatory for the country’s citizens, ensuring virtually everyone was at risk. Amnesty International informed the authorities on May 21 of the vulnerability and they released a fix the very next day.

    “While the Qatari authorities were quick to fix this issue, it was a huge security weakness and a fundamental flaw in Qatar’s contact tracing app that malicious attackers could have easily exploited. This vulnerability was especially worrying given use of the EHTERAZ app was made mandatory last Friday,” said Claudio Guarnieri, Head of Amnesty International’s Security Lab.

    “This incident should act as a warning to governments around the world rushing out contact tracing apps that are too often poorly designed and lack privacy safeguards. If technology is to play an effective role in tackling the virus, people need to have confidence that contact tracing apps will protect their privacy and other human rights.”

    Hopefully governments around the world will take note of Qatar’s example and work hard to protect their citizens’ privacy.

  • Google Bringing End-to-End Encryption to RCS Messages

    Google appears prepared to bring end-to-end encryption to RCS messages, helping it better compete with Apple iMessages.

    RCS is considered the successor to basic text messages, offering a number of features not possible with the older technology: larger group chats, read receipts, chat over WiFi, typing indicators, group management (adding/removing participants) and more. These are features Apple iMessages have had since the beginning, but only work when communicating with other Apple devices.

    The one area where RCS has lagged behind, however, is security. While RCS does have encryption, it does not support end-to-end encryption, which is considered the gold-standard of protecting user privacy. Now, that appears to be changing.

    According to 9to5Google, APKMirror has discovered one of Google Messages’ internal “dog food” builds. The term “dog food” is used in software development to describe using your own product to find the flaws in it, before asking customers to use it, as in “eat your own dog food.”

    There are a number of interesting features Google appears to be working on. Just as iMessages can fall back to SMS or MMS, Google Messages will have the same option. In an improvement over iMessages, however, Google Messages will warn the user that SMS and MMS do not support encryption when falling back to them. Similarly, Google will ask if a user wants to grant access to encrypted messages to apps that otherwise have access to standard messages.

    Overall, this is a welcome upgrade to RCS messages, especially since Google rolled them out to all users in the US late last year.

  • Companies Vow to Fight Warrantless Browser Data Access

    Following the defeat of a Senate amendment that would have banned warrantless browser data access, a coalition of companies is taking the fight to the House.

    Mozilla, Engine, Reddit, Inc., Reform Government Surveillance, Twitter, i2Coalition and Patreon all signed a letter addressed to four members of the US House of Representatives. In the letter, they state the following:

    “We urge you to explicitly prohibit the warrantless collection of internet search and browsing history when you consider the USA FREEDOM Reauthorization Act (H.R. 6172) next week. As leading internet businesses and organizations, we believe privacy and security are essential to our economy, our businesses, and the continued growth of the free and open internet. By clearly reaffirming these protections, Congress can help preserve user trust and facilitate the continued use of the internet as a powerful contributing force for our recovery.”

    The companies highlight that Senators Ron Wyden and Steve Daines introduced an amendment in the Senate to ban the warrantless collection of browser data when the USA PATRIOT Act was renewed. That amendment had supermajority support in the Senate, as well as wide bipartisan support, but failed because several senators failed to show up for the vote.

    The companies point out in their letter that web browsing data “can provide a detailed portrait of our private lives. It may reveal medical conditions, religious beliefs, and personal relationships, and it should be protected by effective legal safeguards.”

    While Mozilla does not collect that data, the companies strongly believe there needs to be legislation specifically prohibiting its use without a warrant. Moves like this are one of the reasons Mozilla continues to be one of the strongest voices in the fight for privacy.

  • Facebook Beefs Up Messenger Security

    Facebook has announced significant new measures to increase the security of Messenger, as well as combat predators and scammers.

    Tech giants have increasingly been under pressure to do more to protect their users, especially minors. Social media and online platforms have become the tool of choice for many individuals looking to prey on children. Even adults are often faced with a plethora of security risks and potential scams.

    In a blog post, Jay Sullivan, Director of Product Management, Messenger Privacy and Safety, outlines a number of new features the company is implementing.

    Facebook is moving its messaging service to end-to-end encryption, which will provide a far greater degree of privacy. At the same time, it has required the company to come up with new ways to help protect its users, since end-to-end encryption prevents it from reading or monitoring messages. Instead, Facebook has turned to machine learning to analyze patterns of behavior that could indicate something is amiss.

    “Keeping minors safe on our platforms is one of our greatest responsibilities,” writes Sullivan. “Messenger already has special protections in place for minors that limit contact from adults they aren’t connected to, and we use machine learning to detect and disable the accounts of adults who are engaging in inappropriate interactions with children. Our new feature educates people under the age of 18 to be cautious when interacting with an adult they may not know and empowers them to take action before responding to a message.”

    Facebook is also using new safety notices as a way to better educate people and help them spot scams sooner. Overall, these features are welcome news from Facebook and should go a long way toward protecting its users.