WebProNews

Category: CybersecurityUpdate

  • FBI Using Fitness App to Track You

    It was bound to happen. With mass surveillance being one of the most effective tools in the fight against the coronavirus pandemic, the FBI may be taking the first steps.

    Monday the FBI sent out a tweet recommending their fitness app for individuals looking for ways to stay active and fit while stuck indoors as a result of the virus.

    #MondayMotivation Are you looking for tips for indoor workouts? Download the #FBI’s Physical Fitness Test app to learn proper form for exercises you can do at home like pushups and situps. http://ow.ly/6y3f50yQeHj

    — FBI (@FBI) 3/23/20

    As multiple users started pointing out, however, when the app is downloaded, it asks for specific location information, as well as what WiFi networks you connect to. While Twitter may not always be the bastion of sound, measured responses, in this case the Twitterverse appears to be spot on in largely taking a hard pass on downloading the app.

    The app is, at least in part, governed by the Privacy Policy posted on fbi.gov, especially when the app is accessing the site. That policy makes the following statement:

    “To protect the system from unauthorized use and to ensure that the system is functioning properly, individuals using this computer system are subject to having all of their activities monitored and recorded by personnel authorized to do so by the FBI (and such monitoring and recording will be conducted). Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, system personnel may provide the results of such monitoring to appropriate officials. Unauthorized attempts to upload or change information or otherwise cause damage to this service are strictly prohibited and may be punishable under applicable federal law.”

    In view of that statement, it looks as though it is technically possible for the FBI to legally justify using the app for surveillance. Consider yourself forewarned.

  • Americans Being Targeted by Coronavirus Digital Fraud

    TransUnion research shows Americans are being targeted by coronavirus-related digital fraud in alarming numbers.

    As the coronavirus pandemic forces more Americans to stay at home, ecommerce has become a critical part of everyday life. Even basic necessities are being purchased online, rather than through physical stores. Bad actors are taking advantage of that trend, targeting Americans in an effort to defraud them.

    TransUnion surveyed 1068 adults, finding 1 in 5 (22%) had been targeted with coronavirus-related digital fraud. “In the report, TransUnion Global Fraud & Identity Solutions reported a 347% increase in account takeover and 391% rise in shipping fraud attempts globally against its online retail customers from 2018 to 2019.”

    Methods of taking over accounts included buying credentials on the dark web, social engineering, romance scams, phishing and more. Once an account is taken over, fraudsters can steal packages by intercepting them at the carrier and changing the shipping address, rather than attracting attention by doing it online.

    “With so many reported data breaches, it’s not just about if your account will be hijacked, it’s about when,” said Melissa Gaddis, senior director of customer success for TransUnion Fraud & Identity Solutions. “Once a fraudster breaks into an account, they have access to everything imaginable resulting in stolen credit card numbers and reward points, fraudulent purchases, and redirecting shipments to other addresses.”

    TransUnion’s report is a good reminder that, even in a time of global crisis, individuals need to practice solid cybersecurity to keep their information, purchases and finances safe.

  • Mozilla Launches ‘Firefox Better Web with Scroll’ Test Pilot

    Firefox has announced the launch of a new Test Pilot program, Better Web with Scroll, aimed at improving the web experience for both publishers and users.

    Firefox is one of the most privacy-oriented companies in the world, and is constantly working to tackle problems related to privacy and the overall health of the web. Its latest initiative is designed to help publishers who have been hard hit by various privacy features, while at the same time incentivizing them to focus on quality content, rather than ad-driven quantity.

    “If we’re going to create a better internet for everyone, we need to figure out how to make it work for publishers,” writes Matt Grimes. “Last year, we launched Enhanced Tracking Protection by default and have blocked more than two trillion third-party trackers to date, but it didn’t directly address the problems that publishers face. That’s where our partner Scroll comes in. By engaging with a better funding model, sites in their growing network no longer have to show you ads to make money. They can focus on quality not clicks. Firefox Better Web with Scroll gives you the fast, private web you want and supports publishers at the same time.”

    The new initiative is based on Mozilla’s previously announced efforts to find alternative ways for publishers to monetize their content, without relying on ads. This is what led the non-profit to partner with Scroll. To join Firefox Better Web, users need to sign up for a Firefox account and install an extension. For the first six months, the service is discounted 50%, costing $2.50 a month. The money goes into a fund that is used to compensate writers and publishers. According to Mozilla, early tests show sites make at least 40% more than they would relying on ads.

    “Firefox Better Web combines the work we’ve done with third-party tracking protection and Scroll’s network of outstanding publishers,” adds Grimes. “This ensures you will get a top notch experience while still supporting publishers directly and keeping the web healthy.”

  • Hackers Targeting Unpatched Windows Bug

    Microsoft has issued an advisory warning that hackers are using a new, unpatched bug to target Windows users.

    According to the advisory, “Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.

    “Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font – Adobe Type 1 PostScript format.

    “There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.”

    Microsoft is working on a fix and will likely include the fix on Update Tuesday, the second Tuesday of the month.

  • Google Sued For Collecting Children’s Personal Data

    Google is facing yet another privacy-related issue, with New Mexico Attorney General Hector Balderas suing the company for collecting children’s personal data.

    The suit stems from Google’s sale of its Chromebook devices to schools for their students’ use, along with the company’s G Suite of office software and email. According to the lawsuit, the company collects vast amounts of personal information, via the services, from students under 13 years-old and without parental consent.

    “Student safety should be the number one priority of any company providing services to our children, particularly in schools,” said Attorney General Balderas. “Tracking student data without parental consent is not only illegal, it is dangerous; and my office will hold any company accountable who compromises the safety of New Mexican children.”

    In a letter to Google CEO Sundar Pichai, Balderas expresses his concern about the dangers associated with the alleged data collection:

    “Because the data Google has illegally collected can then be spread across the globe through both legitimate and illegitimate means, I am bringing a lawsuit to immediately stop this practice. Data brokers and marketing technology firms that do business with Google have been credibly accused of targeting children under the age of 13 with age-inappropriate advertising. Worse yet, some of these same firms have suffered significant data breaches, causing personal information to end up for sale on the dark web, hosted in countries well beyond the reach of law enforcement. As Attorney General, I must take swift legal action in order to protect our children.”

    According to Reuters, Google has denied the allegations, calling them “factually wrong,” although they did not elaborate. We will continue to monitor the story and provide updates.

  • Coronavirus: Senators Express Privacy Concerns Over Google Screening Site

    It was bound to happen: Senators have expressed concern about Google’s role in developing a site to help screen potential coronavirus patients.

    Google was caught off guard last week when President Trump said the company had 1,700 engineers working on a website designed to help screen potential coronavirus patients. In spite of the surprise, Google quickly got on board with the project and vowed to develop the site Trump had promised.

    Unfortunately for the company, however, Google doesn’t have the best track record with privacy and security. As a result, several senators have raised concerns about the project, in a letter to Google CEO Sundar Pichai. Joining Sen. Bob Menendez in sending the letter were Sens. Sherrod Brown, Cory Booker, Kamala Harris and Richard Blumenthal.

    “There are numerous privacy concerns about such an endeavor, including: whether people will be required to sign waivers forfeiting their privacy and personal data in order to access the questionnaire; whether Google or any of its subsidiaries will be prohibited from using data received through the website for commercial purposes; and whether Google and any of its subsidiaries will be prohibited from selling any data collected through the website to a third-party.”

    The letter goes on to highlight the valuable nature of the data that will be collected and how much of a target it will be for hackers.

    “To state the obvious, the information Americans enter on this website will be highly valuable to potential hackers, foreign state and nonstate actors with nefarious intent, and other criminal enterprises,” the senators continue. “We are concerned that neither the Administration nor Google has fully contemplated the range of threats to Americans’ personally identifiable information.”

    Both points the letter raises are extremely pertinent. It was recently discovered that Google partnered with the Ascension healthcare group to collect the medical records of millions of American patients, without their knowledge. If patients are going to trust a website Google creates, they need to know their data is going to be used for the advertised purpose and not swallowed up into one of Google’s other commercial endeavors. Likewise, the data will represent a goldmine for hackers, requiring the very best in security technologies and processes.

    The senators certainly aren’t the only individuals questioning whether Google is up to the task—on both fronts.

  • Shadowserver, Protector of the Internet, Needs Help

    Shadowserver is a non-profit many have never heard of, yet it plays a vital role in protecting the internet. Now it needs help to survive.

    The Shadowserver Foundation was started in 2004 and serves as one of the preeminent sources of information for internet security professionals. The foundation scans the entire internet multiple times a day; creates activity reports for vetted subscribers and law enforcement; and keeps a massive database of malware for researchers to study.

    Despite the foundation’s important work, in an announcement on the website, Shadowserver says it “urgently needs your financial support, to help quickly move our data center to a new location and continue being able to operate our public benefit services.”

    Shadowserver strikes an optimistic tone, confident it will receive the help it needs.

    “We are confident that, with the help of our sponsors, constituents and the community, The Shadowserver Foundation can continue this important fight and serve you all even more effectively, for many years to come. We need to ensure that victims of cybercrime continue to be protected, and the cybercriminals do not win. We look forward to working together with you all to find the right solution for everyone.”

    There are few companies that do more to protect the internet than Shadowserver, meaning saving it is a worthwhile goal. Individuals interested in becoming sponsors can do so here.

  • Microsoft Edge Has Worst Default Privacy Settings

    In a study of major web browsers, Microsoft’s Edge was found to have the worst default privacy settings of the entire bunch.

    Douglas J. Leith, computer scientist with the School of Computer Science & Statistics, Trinity College Dublin, Ireland, conducted the research on Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser. The study evaluated a number of different factors, including the data transmitted by search autocomplete features, data transmitted while the browsers are idle, back-end services the browsers use and more.

    Brave took the top spot, with no evidence of “identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers,” according to Leith. Chrome, Firefox and Safari were in the middle of the pack.

    “From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied,” continued Leith. “Both send persistent identifiers that can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.”

    For individuals and companies concerned with privacy and security, it seems Edge is the one to avoid until Microsoft tightens things up.

  • Uber Taking LADOT to Federal Court

    Uber is taking its battle against the Los Angeles Department of Transportation (LADOT) over customer data to federal court.

    While Uber already shares location data for its electric bike and scooter ride-sharing services with many cities it operates in, the LADOT has required that Uber share real-time, or near real-time, data with the agency. The data would include start and end points, as well as the route taken. Uber has fought the ruling and ultimately had its license for its scooter business pulled.

    The company appealed the ruling, which was heard by David B. Shapiro, a lawyer who has handled multiple city department appeals. Shapiro sided with LADOT, but noted that neither side had made very compelling arguments. Uber had not given evidence that real-time data was being abused, or that customers’ privacy was negatively impacted. At the same time, LADOT did not adequately show why it was so important to receive real-time data.

    Now Uber is taking the next step, suing the LADOT in federal court. According to CNET, the company is continuing to claim that customer privacy will be negatively impacted.

    “Real-time in-trip geolocation data is not good for planning bike lanes, or figuring out deployment patterns in different neighborhoods, or dealing with complaints about devices that are parked in the wrong place, or monitoring compliance with permit requirements,” states the lawsuit. “What it is good for is surveillance.”

    The outcome of this lawsuit will likely have far-reaching repercussions for a variety of industries, and determine the degree to which local governments do or don’t have the right to require real-time location data.

  • What Not to Do: TikTok Censors ‘Ugly,’ ‘Poor’ and ‘Disabled’

    It may be one of the hottest social media platforms, but TikTok is providing a template of what not to do.

    Reporting for The Intercept, Sam Biddle, Paulo Victor Ribeiro and Tatiana Dias say that the company behind TikTok has “instructed moderators to suppress posts created by users deemed too ugly, poor, or disabled for the platform, according to internal documents obtained by The Intercept.”

    TikTok has faced ongoing scrutiny over privacy and security concerns. The Pentagon released guidance instructing military personnel to delete the app, and the company faces a lawsuit in California over allegations it uploaded videos to China without user consent. The app has also been dogged by censorship concerns and even announced a Transparency Center, for critics to analyze how the company moderates posts.

    According to The Intercept, “moderators were also told to censor political speech in TikTok livestreams, punishing those who harmed ‘national honor’ or broadcast streams about ‘state organs such as police’ with bans from the platform.” The policy also called for TikTok moderators “to suppress uploads from users with flaws both congenital and inevitable. ‘Abnormal body shape,’ ‘ugly facial looks,’ dwarfism, and ‘obvious beer belly,’ ‘too many wrinkles,’ ‘eye disorders,’ and many other ‘low quality’ traits are all enough to keep uploads out of the algorithmic fire hose. Videos in which ‘the shooting environment is shabby and dilapidated,’ including but ‘not limited to … slums, rural fields’ and ‘dilapidated housing’ were also systematically hidden from new users, though ‘rural beautiful natural scenery could be exempted,’ the document notes.”

    Although a TikTok spokesman said the measures were anti-bullying policies that were no longer in effect, the documents The Intercept reviewed explicitly cited subscriber growth as the real reason.

    Given TikTok’s ongoing privacy and security issues, not to mention this kind of mismanagement and missteps, it’s probably a safe bet that TikTok’s growth may be about to experience a slowdown.

  • RSF Creates ‘The Uncensored Library’ In Minecraft

    Minecraft is already one of the most successful video games in the world, but now it’s also serving to help preserve information in its uncensored form.

    Minecraft is a nearly infinite, open-world game that lets users create virtually anything they can imagine. Rather than creating a building or scene from a movie or TV show, NGO Reporters Without Borders (RSF) has created a virtual library to house works that were originally censored in their countries of origin.

    “Minecraft is a favourite – one of the world’s most successful computer games, with more than 145 million active players every month,” reads the statement. “Here communities can build entire worlds out of blocks, experience the freedom of an open world. Its creative mode is often described as ‘digital Lego’. In these countries, where websites, blogs and free press in general are strictly limited, Minecraft is still accessible by everyone.

    “Reporters Without Borders (RSF) used this backdoor to build ‘The Uncensored Library’: A library that is now accessible on an open server for Minecraft players around the globe. The library is filled with books, containing articles that were censored in their country of origin. These articles are now available again within Minecraft hidden from government surveillance technology inside a computer game. The books can be read by everyone on the server, but their content cannot be changed. The library is growing, with more and more books being added to overcome censorship.”

    RSF’s ingenious use of Minecraft is a perfect example of the innovative ways technology—including video games—can be used to address serious issues. According to the RSF, “the Uncensored Library is accessible through Minecraft with the server address: visit.uncensoredlibrary.com.”

  • France Will Not Ban Huawei From Networks

    Despite U.S. pressure, France has decided to allow Huawei equipment in its 5G networks.

    According to sources who spoke exclusively to Reuters, French cybersecurity agency ANSSI will tell wireless providers to what degree they can use Huawei’s equipment.

    “They don’t want to ban Huawei, but the principle is: ‘Get them out of the core mobile network’,” one of Reuters’ sources said.

    Although not yet official, France’s decision would mirror that made by the UK, where Huawei was permitted in a limited role. The British government decided to allow Huawei equipment to comprise up to 35% of networks, while excluding it from the core network and anywhere near military bases or nuclear sites. The hope is that by keeping the company out of the core network, any security risks can be mitigated.

    The decision is another loss in the U.S. campaign to isolate the Chinese firm amid claims it serves as a spying arm for the Chinese government.

  • Vermont Sues Clearview AI For Breaking Data Laws

    Vermont Attorney General Donovan has filed a lawsuit against Clearview AI, claiming the facial recognition firm has broken multiple state laws.

    Clearview AI has scraped millions of websites to amass a database of some 3 billion photos, which it uses artificial intelligence to analyze. The company then makes its software available to law enforcement agencies. Despite its claims of being responsible with the data it collects, recent revelations have shown that nothing could be further from the truth.

    Clearview was caught using its software to monitor when police officers spoke with journalists and discourage them from doing so. The company’s plans to expand and form partnerships with authoritarian regimes were leaked, only to have its client list stolen, showing such expansion plans were already underway. Clearview also has claimed it only makes its software available to law enforcement and security personnel when, in fact, a wide array of investors and other individuals have had access and used the app for their own purposes.

    Now Vermont’s AG is taking measures to call the company to account. The complaint “alleges violations of the Vermont Consumer Protection Act and the new Data Broker Law. Along with the complaint, the State filed a motion for preliminary injunction, asking the Court to order Clearview AI to immediately stop collecting or storing Vermonters’ photos and facial recognition data.”

    AG Donovan did not mince any words in denouncing the company’s practices.

    “I am disturbed by this practice, particularly the practice of collecting and selling children’s facial recognition data,” Attorney General Donovan said. “This practice is unscrupulous, unethical, and contrary to public policy. I will continue to fight for the privacy of Vermonters, particularly our most vulnerable.”

    It’s safe to say individuals around the country will be rooting for AG Donovan.

  • TikTok Plans Transparency Center, Tries to Dispel Censorship Claims

    TikTok has announced the upcoming launch of a new Transparency Center, aimed at pulling the curtain back on the platform’s moderation efforts.

    TikTok has faced ongoing scrutiny over privacy concerns, with at least one lawsuit alleging the company secretly recorded videos and uploaded them to servers in China. Concerns over the app prompted the Department of Defense (DOD) to instruct all personnel to uninstall the app, and for Reddit’s CEO to label the social media app “fundamentally parasitic.”

    In an effort to address concerns, including allegations it censors users, TikTok is launching its Transparency Center where outside experts will have “an opportunity to directly view how our teams at TikTok go about the day-to-day challenging, but critically important, work of moderating content on the platform.

    “Through this direct observation of our Trust & Safety practices, experts will get a chance to evaluate our moderation systems, processes and policies in a holistic manner.”

    Although the Transparency Center initially focuses on censorship, it will eventually help address other security and privacy concerns as well.

    “The Transparency Center will open in early May with an initial focus on TikTok’s content moderation. Later, we will expand the Center to include insight into our source code, and our efforts around data privacy and security. This second phase of the initiative will be spearheaded by our newly appointed Chief Information Security Officer, Roland Cloutier, who starts with the company next month.”

  • British Government Facing Rebellion Over Huawei 5G

    Following the UK’s decision to include Huawei in its 5G networks in a limited role, a group of Tory MPs tried to pass an amendment to stop the firm’s involvement.

    According to a BBC report, former party leader Sir Iain Duncan Smith proposed the amendment to the Telecommunications Infrastructure Bill, an amendment that would have required “high-risk vendors” to be banned from the country’s 5G architecture by the end of 2022. The amendment was defeated by 24 votes, but it signals that Prime Minister Johnson’s own party is divided on the decision.

    Of the Five Eyes countries—the U.S., UK, Australia, New Zealand and Canada—that share intelligence, the U.S., Australia and New Zealand have already banned the Chinese firm. Canada is still undecided, making the U.K. the only country that has welcomed its involvement, albeit in a limited role. As part of the decision to allow Huawei’s participation, the government agreed to limit it to 35% of network equipment and restrict it from the core network, or from being installed near military bases or nuclear sites.

    If this recent vote was any indication, the company’s role in the UK’s future networks is far from resolved.

  • Not So Fast: Amazon Likely to Win Defense Contract Lawsuit

    U.S. Court of Federal Claims Judge Patricia Campbell-Smith says Amazon is likely to win its lawsuit challenging Microsoft’s win of a coveted Pentagon contract.

    Last year Microsoft surprised Amazon, and industry insiders alike, by securing the Joint Enterprise Defense Infrastructure Cloud (JEDI) contract from the U.S. Department of Defense (DOD), worth some $10 billion. Many believed Amazon was all but guaranteed to win the contract, given its long history of working on sensitive projects for the government. In addition, at the time the contract was awarded, Amazon was the only company to have the coveted Impact Level 6 security clearance, although Microsoft was awarded it shortly thereafter.

    Amazon almost immediately launched a lawsuit to overturn the contract award, claiming improper interference by President Trump, who allegedly told then-Defense Secretary James Mattis to “screw Amazon.” Amazon was successful in getting a temporary injunction, preventing Microsoft from beginning work on the contract, which was slated to begin February 13.

    According to U.S. News & World Report, although she did not address Trump’s comments, “Campbell-Smith wrote Amazon ‘is likely to succeed on the merits of its argument that the DOD improperly evaluated’ a Microsoft price scenario. She added Amazon is likely to show that Microsoft’s scenario was not ‘technically feasible’ as the Pentagon assessed.”

    Given that Microsoft is already counting on a halo effect from winning the contract, having the Pentagon’s decision overturned would be a big loss for the company.

  • Microsoft Exchange Vulnerability Being Actively Exploited

    Cybersecurity firm Volexity is warning that a serious security vulnerability in Microsoft Exchange is being actively exploited by bad actors.

    The vulnerability in question was addressed as part of Patch Tuesday on February 11, 2020. The cumulative update and service pack “addressed a remote code execution vulnerability found in Microsoft Exchange 2010, 2013, 2016, and 2019. The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative. Two weeks after the security updates were released, the Zero Day Initiative published a blog post providing more details on the vulnerability.”

    Since the Zero Day Initiative published its post, Volexity has witnessed advanced persistent threat (APT) actors exploiting this vulnerability in the wild. In an interview with Forbes’ Zack Doffman, Volexity said that “all the cases we’ve seen so far have been based out of China—multiple different Chinese-based APTs.”

    Volexity concluded by saying that “the latest Microsoft Exchange ECP vulnerability has provided attackers with another opportunity to break into organizations where they may previously have been unsuccessful. Staying current with patches is the best defense for an organization. Fortunately, this vulnerability does require a compromised credential to exploit and, as a result, will stave off widespread automated exploitation such as those that often deploy cryptocurrency miners or ransomware. However, more motivated attackers now have a way to compromise a critical piece of the IT infrastructure if it is not updated. If you have not already, apply these security updates immediately and look for signs of compromise.”

    As Volexity highlights, the best defense is to make sure Exchange is patched with the latest security updates and keep installations current.

  • Australia Taking Facebook to Court Over Privacy

    The Australian Information Commissioner has launched legal proceedings against Facebook, accusing the company of repeated breaches of privacy law.

    Facebook allegedly used the personal information of 311,127 Australians, collected through the app This is Your Digital Life, for purposes other than advertised, including disclosing it for political profiling.

    “We consider the design of the Facebook platform meant that users were unable to exercise reasonable choice and control about how their personal information was disclosed,” said Australian Information Commissioner and Privacy Commissioner Angelene Falk in a statement.

    “Facebook’s default settings facilitated the disclosure of personal information, including sensitive information, at the expense of privacy.

    “We claim these actions left the personal data of around 311,127 Australian Facebook users exposed to be sold and used for purposes including political profiling, well outside users’ expectations.”

    If the lawsuit is successful, the court could impose a penalty of A$1,700,000 ($1.1 million) per instance. Should Facebook face the maximum penalty for all 311,127 instances, the total fine would be A$529 billion.

  • FCC Moving to Require Carriers to Fight Robocalls


    FCC Chairman Ajit Pai has unveiled a proposal to require carriers and telephone providers to fight robocalls, after being disappointed that some did not do so voluntarily.

    “All of us are fed up with robocalls—including me,” said Chairman Pai. “We’ve taken many steps to stem the tide of spoofed robocalls. I’m excited about the proposal I’m advancing today: requiring phone companies to adopt a caller ID authentication framework called STIR/SHAKEN. Widespread implementation will give American consumers a lot more peace of mind when they pick up the phone. Last year, I demanded that major phone companies voluntarily deploy STIR/SHAKEN, and a number of them did. But it’s clear that FCC action is needed to spur across-the-board deployment of this important technology. There is no silver bullet when it comes to eradicating robocalls, but this is a critical shot at the target.”

    Spoofing is a favorite tactic of robocallers, who make their number appear as if it is from the same area code or exchange as the person they’re calling, making it more likely the receiver will pick up. STIR/SHAKEN is a protocol that helps carriers verify the identity of a caller to ensure the number is not being spoofed. If the call spans carriers, the originating carrier passes on the verification to the receiving carrier, and a “Call Verified” badge will show up on the receiver’s caller ID.

    The FCC had previously recommended that carriers begin implementing STIR/SHAKEN but, based on Chairman Pai’s proposal, some of them did not comply. Verizon, T-Mobile, Sprint and AT&T have all committed to supporting the protocol.

  • DuckDuckGo Releases Tracker Radar to Expose Hidden Tracking


    DuckDuckGo is the preeminent privacy-oriented search engine, and the company is taking it a step further by releasing a tool to help expose hidden tracking.

    As the company points out, a quality tracking blocker is critical to online privacy. Without one, advertisers can amass a shocking amount of detail about web users, including location history, browsing history, shopping history and more. Combining the data they collect can even give them a pretty good idea of exactly how old a user is, their ethnicity, preferences and habits.

    When the company started exploring possibilities, it was not happy with the state of current options.

    “When we set out to add tracker protection, we found that existing lists of trackers were mostly manually curated, which meant they were often stale and never comprehensive,” reads the company’s announcement. “And, even worse, those lists sometimes break websites, which hinders mainstream adoption. So, over the last couple of years we built our own data set of trackers based on a crawling process that doesn’t have these drawbacks. We call it DuckDuckGo Tracker Radar. It is automatically generated, constantly updated, and continually tested.

    “Today we’re proud to release DuckDuckGo Tracker Radar to the world, and are also open sourcing the code that generates it. This follows our recent release of our Smarter Encryption data and crawling code (that powers the upgraded website encryption component in our apps and extensions).

    “Tracker Radar contains the most common cross-site trackers and includes detailed information about their tracking behavior, including prevalence, ownership, fingerprinting behavior, cookie behavior, privacy policy, rules for specific resources (with exceptions for site breakage), and performance data.”

    Tracker Radar is included in DuckDuckGo’s Privacy Browser for iOS and Android, as well as the Privacy Essentials browser extension for Safari, Firefox and Chrome on the desktop. Developers can also download Tracker Radar and include it in their own tools.

  • Canada Undecided On Huawei, Will Not ‘Get Bullied’


    Canada’s Minister of Innovation, Science and Industry, Navdeep Bains, has said the country will not be pressured into making a decision on Huawei.

    Canada is part of the Five Eyes group of countries that work closely on intelligence. Of the group, the U.S., Australia and New Zealand have banned Huawei from their 5G networks, while the UK has opted to include the Chinese firm in a limited role. Canada has yet to decide, but is warning the country must do what is best for itself.

    According to Bloomberg, Bains told the Canadian Broadcasting Corp.: “We will make sure that we proceed in a manner that’s in our national interest. We won’t get bullied by any other jurisdictions.”

    “Countries have raised their concerns. We’re engaged with our Five Eyes partners. We know that this is a very important issue,” he added. “But we will make a decision that makes sense for Canadians and protects Canadians.”

    The U.S. has been pressuring its allies, both in the Five Eyes and EU, to ban Huawei. It’s safe to say the U.S. certainly wants to win over its closest ally geographically but, based on Bains’ remarks, that may be easier said than done.