WebProNews

Tag: Privacy

  • TikTok Releases Transparency Report In Effort To Quell Concerns

    TikTok has released its first ever transparency report amid increasing scrutiny related to privacy and censorship, according to NBC News.

    TikTok has been in the news a lot lately, and not in the way any company wants to be. The Department of Defense recently released guidance instructing personnel to delete the app, with both the Navy and Army following suit.

    Its problems have also included a lawsuit alleging the app created an account and uploaded videos and face scans to servers in China. The plaintiff alleges that, while they downloaded the app, they had never set up an account.

    In view of the concerns, “Senate Democratic leader Chuck Schumer of New York and Sen. Tom Cotton, R-Ark., a member of the Armed Services and Intelligence committees, sent a letter asking Joseph Maguire, the acting director of national intelligence, to assess TikTok and other China-based companies for potential security risks.”

    In an effort to address those concerns, TikTok has released its first transparency report detailing the worldwide government requests it received in the first half of 2019. India took the top spot, with the U.S. coming in second. The company has vowed to continue releasing transparency reports moving forward.

    Notably, China is not listed in the report, although the company says it does not operate there and that data for American users is stored in the U.S.

  • Huawei Will Take Part In India 5G Trials

    Despite allegations that Huawei represents a major security risk, India is set to include the company in 5G trials, according to the International Business Times.

    Huawei is facing pressure around the world due to concerns it represents a way for China to spy on foreign governments and corporations. While all Chinese companies are required to cooperate with Beijing, Huawei is known for having closer ties than many companies.

    As a result of these concerns, the U.S. has banned Huawei and engaged in a campaign to pressure its allies to do the same. In spite of that, India plans to include the telecommunications equipment company in upcoming 5G trials.

    “We have taken the decision to give 5G spectrum for trial to all the players,” Ravi Shankar Prasad, India’s telecom minister, said late Monday.

    Given the size of the Indian market, if Huawei is able to secure a sizable stake, it should help the company offset losses from the U.S. and other Western countries.

  • Google ‘Unrecognizable’ To Company Veterans

    Google has undergone a number of major changes over the years, not the least of which is the two founders stepping down from their roles. Many of those changes have caused the company to be virtually “unrecognizable” to many Google veterans, according to CNBC.

    For many workers who spoke with CNBC, 2018 was a pivotal year that showed how much things had changed. Project Dragonfly became public knowledge, exposing Google’s attempt to build a censored search engine for China. In a company that had long treasured a reputation for open communication with its employees, the project had been kept on a need-to-know basis.

    Despite ending the project when employees expressed concern about the ethics of it, for many the damage had already been done.

    “There’s no way a few years before, they would have had a secret project with these kinds of ethical concerns,” Raph Levien, a former level 6 engineer who left Google after 11 years, told CNBC. “It crossed the line and felt misleading. It definitely felt like this was Google changing.”

    Another factor that has hurt the company’s reputation internally is how it has handled sexual abuse allegations, paying executives millions in severance packages despite allegations. The size of the company has also played a role, as it is much harder for a company of “more than 100,000 workers, many of whom are contractors instead of full-time employees,” to maintain the culture it started with.

    One thing is clear, based on CNBC’s report: For a company that is already in the spotlight for privacy issues and antitrust concerns, an internal breakdown of the very culture that made Google what it is, is the last thing the company needs.

  • Brazil Fines Facebook Over Cambridge Analytica Scandal

    Bloomberg is reporting that Brazil has levied a $1.6 million fine on Facebook for its role in the Cambridge Analytica scandal.

    The fine is the result of an investigation that began in April 2018, finding that Facebook illegally shared data for some 443,000 users.

    “It’s evident that the data of about 443,000 users of the platform were made available by the developers of the app ‘thisisyourdigitallife’ for reasons that are at least questionable,” Brazil’s justice ministry said in a statement.

    Facebook has said there is no evidence the data from Brazilian users was transferred to Cambridge Analytica, but the justice ministry said Facebook and its local unit failed to prove that fewer users were impacted.

    As Bloomberg points out, Facebook agreed in July to pay a $5 billion fine to the U.S. Federal Trade Commission. It is not clear if Facebook will immediately pay the Brazilian fine or fight it, however. The company simply said “we are currently evaluating our legal options in this case.”

  • U.S. Army Reverses Course, Bans TikTok

    TikTok has been under increasing scrutiny, with allegations it represents a national security threat. Following guidance from the Pentagon, the U.S. Army has officially banned the app, according to Military.com.

    TikTok has surged in popularity in the U.S., and military personnel are no exception. In fact, as Military.com points out, Army recruiters have been using the app to help reach Generation Z.

    The Department of Defense (DoD) recently issued guidance on mobile phone security, mentioning TikTok specifically. The DoD guidance tells employees to “be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information.”

    Following that guidance, the U.S. Army has officially banned the app from personnel phones.

    “It is considered a cyber threat,” Army spokeswoman, Lt. Col. Robin Ochoa, told Military.com. “We do not allow it on government phones.”

    Evidence suggests all individuals, not just military personnel, should be wary of the social media app. A recent lawsuit in California accuses the app of secretly analyzing videos and images without consent, and uploading them to servers in China.

  • Amazon and Ring Sued In Federal Court Over Failure to Secure Cameras

    TMZ is reporting that Ring and its parent company, Amazon, are being sued in federal court in California, claiming they have failed to protect users.

    Ring made headlines a couple of weeks ago when a number of cameras were hacked. In one particularly disturbing incident, a camera in an 8-year-old girl’s room was hacked, with the hacker talking to her, claiming to be her best friend. There have been other incidents as well, with a woman woken by a hacker shouting at her and a couple subjected to racist comments about their son.

    To make matters worse, VICE tested the Ring devices and found their security was abysmal. There was no way to see if anyone else was logged in to the camera, nor was there a log of who had accessed the device in the past. In other words, once a camera is hacked, there is virtually no way of knowing it has been compromised.

    The lawsuit’s plaintiff, John Baker Orange, seems to have a story similar to the other hacking incidents. He claims that “someone hacked into his outdoor security cameras and started commenting on his kids who were playing basketball … encouraging them to get closer to the camera.” If the claim is true, it could be the earliest known example of Rings being maliciously hacked, as Orange claims the incident occurred last July.

    For a company specializing in security hardware, failure to provide basic security measures is beyond abysmal—it is unforgivable. It’s a safe bet this won’t be the first lawsuit Ring and Amazon face.

  • Pentagon Warns Military Personnel Not to Use Home DNA Kits

    NBC News is reporting that the Pentagon has told military personnel not to use home DNA testing kits.

    According to a memo NBC News obtained, “Under Secretary of Defense for Intelligence Joseph Kernan and James Stewart, acting Under Secretary of Defense for Personnel and Readiness, said that DNA testing companies were targeting military members with discounts and other undisclosed incentives.”

    The memo expressed concern that DNA companies’ policies may pose a greater risk to military personnel than the general population. Inaccurate medical analysis impacting military medical disclosures, data being sold to third parties, data being used for surveillance and the possibility of tracking people without their consent were some of the specific concerns mentioned.

    Experts have for some time been warning about the privacy implications of home DNA testing kits and the companies behind them. The fact that the Pentagon is taking such a strong stand certainly adds weight to those concerns.

  • ToTok Removed From Apple and Google Stores Amid Claims It’s a Government Spying App

    ToTok was released only months ago and has climbed the charts to become one of the most popular messaging apps in Britain, India, Saudi Arabia and Sweden, as well as becoming one of the most downloaded social media apps in the U.S. last week.

    According to a report by the New York Times, however, the app is actually a spying tool for the United Arab Emirates government, giving it the ability to “track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.” The allegation is based on American officials who were aware of classified intelligence, as well as the NYT’s own investigation.

    The app is distributed by a company called Breej Holding. However, investigation indicates the firm is likely a front company associated with DarkMatter, a cyberintelligence and hacking firm located in Abu Dhabi. DarkMatter is staffed with individuals who previously worked for the NSA, Israeli intelligence and Emirate intelligence, and is under FBI investigation for possible cyber crimes.

    In the wake of these revelations, both Apple and Google have removed the app from their respective stores. ToTok released a post to their user community to address the allegations, but stopped short of denying them outright. In fact, their privacy policy expressly says they may share data with “group companies,” as well as “to comply with a legal obligation to which we are subject.” Either of those clauses comes into play if the allegations are correct and the app is actually backed by the government.

    As the NYT comments, this is a significant “escalation in a digital arms race among wealthy authoritarian governments.” Whereas many governments have banned apps like WhatsApp and Signal, since they employ end-to-end encryption, the UAE took it a step further by lulling their citizens into a false sense of security with an app deliberately designed to spy on them and anyone else using it.

  • Millions of Child-Tracking Smartwatches Exposed In Flaw

    TechCrunch has reported on a vulnerability in GPS-enabled smartwatches for kids that could allow anyone to track them.

    In an exclusive release to TechCrunch, security firm Pen Test Partners detailed their findings. The researchers found a vulnerability in the cloud platform developed by a Chinese firm called Thinkrace.

    Not only does Thinkrace manufacture and sell its own line of child-tracking smartwatches, but it is also a white-label manufacturer. In other words, it manufactures devices that are relabeled and sold by other companies under different names and brands. All told, Thinkrace makes some 360 different devices, totaling at least 47 million units.

    “Often the brand owner doesn’t even realize the devices they are selling are on a Thinkrace platform,” Ken Munro, founder of Pen Test Partners, told TechCrunch.

    Because all Thinkrace devices use their cloud platform, all of them—regardless of what companies they’re branded under—are vulnerable.

    According to TechCrunch, “each tracking device sold interacts with the cloud platform either directly or via an endpoint hosted on a web domain operated by the reseller. The researchers traced the commands all the way back to Thinkrace’s cloud platform, which the researchers described as a common point of failure.

    “The researchers said that most of the commands that control the devices do not require authorization and the commands are well documented, allowing anyone with basic knowledge to gain access and track a device. And because there is no randomization of account numbers, the researchers found they could access devices in bulk simply by increasing each account number by one.”

    Perhaps most disturbing, because Thinkrace watches allow parents and children to talk to each other, walkie-talkie-style, “researchers found that the voice messages were recorded and stored in the insecure cloud, allowing anyone to download files.”

    Worse yet, the researchers told TechCrunch that the most common commands are well documented and do not require authorization, leaving them virtually wide open for anyone to access. Account numbers are also in sequential order, rather than randomized, meaning that with a single account number a hacker could keep accessing other devices by increasing or decreasing the account number a digit at a time.

    Pen Test Partners discovered the vulnerabilities and notified the affected companies in 2015 and 2017, giving manufacturers time to address the issues. While some did, unfortunately many did not. Even those companies that implemented fixes saw some of them undone at a later date.

    The lack of definitive action to address these vulnerabilities prompted Pen Test Partners to finally go public with their findings in the interest of warning people about the danger of Thinkrace’s devices.

    It continues to be utterly shocking how irresponsible companies can be in handling user data, not to mention data involving children. Needless to say, any individual—and especially parents—using a Thinkrace device should stop immediately.

  • Google and Facebook Face Tougher Rules in the UK Over Ad Dominance

    According to Reuters, the UK’s Competition and Markets Authority (CMA) delivered a mixed bag of news for Google and Facebook.

    On the one hand, the CMA indicated a reluctance to subject the two tech companies to more in-depth investigations, saying that ‘big’ did not necessarily equal ‘bad.’ On the other hand, the agency did indicate more regulation was in order to prevent abuses, especially given how much the two companies dominate the UK online ad market.

    The CMA found that “Google earned more than 90% of all revenue for search advertising in Britain in 2018, with revenue of about 6 billion pounds, and Facebook accounted for almost half of all display advertising last year.”

    Facebook indicated it was “fully committed” to working with the CMA and touted its tools to give people control over their data.

    “We agree with the CMA that people should have control over their data and transparency around how it is used,” according to a company spokesman.

    Of course, in the U.S., Facebook just admitted to senators that it continues to track individuals even if they have location tracking turned off and uses that information to sell ads. In view of that, it would seem the CMA’s concerns about more regulation being required are well-founded.

  • Microsoft Slips Ads Into Windows 10 and This Time They Can’t Be Disabled

    MSPoweruser is reporting that Microsoft has—once again—slipped ads into Windows 10 apps, including Mail and Calendar. Unlike previous instances, however, this time the ads cannot be disabled.

    The last time Microsoft placed ads in their flagship apps was over a year ago, in November 2018. At the time, the ads were labeled an “experiment,” and did not display for paid Office 365 subscribers. In contrast, this time around, the ads are displaying for all users.

    According to MSPoweruser, when asked about the ads, Microsoft said:

    “The ads within the app itself will be displayed regardless of which email address you use it with. It is not removable, but you can submit it as a suggestion within the Feedback Hub on Windows 10 here: https://msft.it/6012TVPXG.”

    It’s one thing for companies who provide free software and services to support those offerings with advertising. It’s entirely another, however, for paying users of premium software to be subjected to ads, let alone ones that cannot be disabled. Microsoft is setting a horrible precedent with this decision.

    For a company that has taken admirable steps of late to respect users and protect their rights, hopefully they will reverse this abysmal policy.

  • Greenland Choosing Ericsson Over Huawei For 5G Network

    According to Reuters, Greenland’s state telecoms operator Tele Greenland has said it will use Ericsson equipment for its 5G rollout instead of Huawei.

    “5G is coming to Greenland, but no date has been set for this yet. We do not see Huawei as a possible supplier of (Tele Greenland’s) 5G network,” CEO Kristian Reinert Davidsen told broadcaster KNR.

    Ericsson also provided the 4G equipment Tele Greenland currently uses. The news comes on the heels of Norwegian wireless carrier Telenor announcing it would phase out Huawei’s equipment in favor of Ericsson, as well as reports earlier this year that Danish carrier TDC would go with the Swedish company over Huawei.

    Huawei is facing continued scrutiny over allegations its equipment provides a way for Beijing to spy on other countries. Despite some high-profile gains, the company has struggled to shake the perception that it poses an ongoing security risk.

  • Facebook Defends Tracking Users Even If They Opt Out

    According to The Hill, Facebook has admitted to senators that it ignores users’ settings and continues to track their location in order to profit off of that information.

    Senators Christopher Coons (D-Del.) and Josh Hawley (R-Mo.) had questioned how the social media giant handled location tracking, specifically whether it continued to track individuals even if they turned location tracking off. In reply to the senators’ request, Facebook’s deputy chief privacy officer, Rob Sherman, indicated that the company continues to use other means at its disposal to track users, regardless of their location sharing settings.

    “When location services is off, Facebook may still understand people’s locations using information people share through their activities on Facebook or through IP addresses and other network connections they use,” Sherman wrote.

    Sherman went on to add that as people use Facebook, they often leave indicators of their activities, such as checking in at a restaurant, location-tagging a photo or appearing in a friend’s photo, all of which the company uses to continue tracking them. In addition, the company uses this indirect tracking information to keep providing targeted ads based on that location data, even if location tracking is turned off on their phone.

    Needless to say, the senators were not pleased with this admission and had strong words regarding the company’s behavior.

    “Facebook claims that users are in control of their own privacy, but in reality, users aren’t even given an option to stop Facebook from collecting and monetizing their location information,” Coons said. “The American people deserve to know how tech companies use their data, and I will continue working to find solutions to protect Americans’ sensitive information.”

    “There is no opting out. No control over your personal information,” Hawley tweeted. “That’s Big Tech. And that’s why Congress needs to take action.”

  • Senators Express Alarm Over FBI Secretly Demanding Data From Credit Agencies

    Documents have come to light exposing the FBI’s practice of secretly demanding information about Americans from Equifax, Experian and TransUnion.

    According to a report by TechCrunch, the FBI has been using “legal powers — known as national security letters — to compel credit giants to turn over non-content information, such as records of purchases and locations, that the agency deems necessary in national security investigations. But these letters have no judicial oversight and are typically filed with a gag order, preventing the recipient from disclosing the demand to anyone else — including the target of the letter.”

    Tech companies have been dealing with national security letters for some time but, following the Edward Snowden revelations, the laws were changed in 2015 to give companies the right to petition for release from the gag orders. As a result, tech companies routinely publish transparency reports, disclosing how many times the government has requested their assistance.

    In the wake of these documents becoming public, at least three senators have expressed concern. Republican senator Rand Paul and Democratic senators Ron Wyden and Elizabeth Warren have written letters to the three credit agencies, questioning why the agencies have never disclosed the FBI’s requests.

    “Because your company holds so much potentially sensitive data on so many Americans and collects this information without obtaining consent from these individuals, you have a responsibility to be transparent about how you handle that data,” the letters said. “Unfortunately, your company has not provided information to policymakers or the public about the type or the number of disclosures that you have made to the FBI.”

    Senator Wyden, in particular, has been a vocal proponent of privacy protections and an equally vocal critic of questionable and illegal spying on American citizens. With these new revelations, it’s a safe bet there will be more inquiries and possible regulation to govern how the financial and credit information of Americans can be accessed and used.

  • Ring Users Should Update Their Passwords In the Wake of Multiple Hacks

    In the wake of multiple hacking incidents, Ring is recommending users change their passwords, while at the same time reassuring users the company has not been compromised.

    In recent days, there have been multiple reports of Ring devices being hacked, with some terrifying results. In one case, a Ring device in an 8-year-old girl’s room was hacked. A man’s voice can be heard talking to the girl, claiming to be her friend. There have been similar incidents in Georgia, Florida and Texas.

    Following the reports, Ring investigated the incidents and found no evidence of unauthorized intrusions into their network or systems. According to the company, “malicious actors obtained some Ring users’ account credentials (e.g., username and password) from a separate, external, non-Ring service and reused them to log into some Ring accounts. Unfortunately, when people reuse the same username and password on multiple services, it’s possible for bad actors to gain access to many accounts.”

    The company goes on to recommend some common sense suggestions, including activating two-factor authentication; using strong passwords consisting of upper and lower-case letters, numbers and symbols; adding shared users rather than sharing credentials; regularly updating passwords and not using the same passwords for multiple services and apps.

    This latest issue is another example of how an increasingly interconnected world requires individuals to learn and practice cybersecurity best practices in order to keep themselves and their families safe.

  • Incognito Mode Comes to Google Maps For iOS

    Google has brought Incognito Mode to Google Maps for iOS, according to an announcement on the company’s website.

    According to the blog post, when Google Maps is in Incognito Mode, “the places you search for or navigate to won’t be saved to your Google Account and you won’t see personalized features within Maps, like restaurant recommendations based on dining spots you’ve been to previously. Using Incognito mode on your phone will not update your Location History, so the places you go won’t be saved to your Timeline.”

    Google has been working to address concerns about how it handles users’ private data, unveiling new ways for customers to interact with their data and manage what is stored. Incognito Mode is another step in the right direction, allowing individuals to keep their travels private.

  • New Chrome Feature Will Alert You If Your Password Is Stolen

    In a blog post today, Google announced the addition of a significant security feature to Chrome, one that will alert users if their password has been stolen.

    With new data breaches occurring and being reported on a near-daily basis, people’s usernames and passwords are increasingly showing up for sale on the dark web. With many people reusing passwords across websites, a single compromised website can leave individuals vulnerable across a myriad of sites and services.

    First introduced earlier this year as an extension named Password Checkup, the feature has been rolled into Chrome’s settings as part of its Safe Browsing features.

    “When you type your credentials into a website, Chrome will now warn you if your username and password have been compromised in a data breach on some site or app. It will suggest that you change them everywhere they were used.”

    Google’s post also discussed improvements to Safe Browsing’s anti-phishing features.

    “Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure. The list refreshes every 30 minutes, protecting 4 billion devices every day against all kinds of security threats, including phishing.

    “However, some phishing sites slip through that 30-minute window, either by quickly switching domains or by hiding from our crawlers. Chrome now offers real-time phishing protections on desktop, which warn you when visiting malicious sites in 30 percent more cases. Initially we will roll out this protection to everyone with the “Make searches and browsing better” setting enabled in Chrome.”

    These improvements are welcome additions to one of the most popular browsers in use and Google is to be commended for making Password Checkup an included feature, where more people will benefit from it.

  • DOJ Planning to Review Google-Fitbit Deal Over Privacy Concerns

    According to the New York Post, the Department of Justice (DOJ) is planning to review the Google-Fitbit deal over concerns about consumer privacy.

    We reported last month that Google had agreed to acquire Fitbit for $2.1 billion. As part of the announcement, Google did its best to reassure current users that it would respect their privacy and that their personal data would not be sold to third parties or be used for advertising. A couple of weeks later, it came to light that Facebook had also been interested in the wearable company, losing out in a bidding war against Google. At the end of that article, we made the following observation:

    “While some users have understandably been concerned about privacy in the wake of the announcement Google was purchasing Fitbit, it’s probably a safe bet that far more users would be concerned if Facebook was the buyer.”

    Evidently, the fact that Google is buying Fitbit instead of Facebook is not enough of a consolation prize to prevent regulatory scrutiny. In fact, according to the New York Post, both the DOJ and the Federal Communications Commission (FCC) wanted to review the deal, with one source describing it “as a real ‘arm wrestle’ between the agencies.”

    Both agencies are concerned with the privacy implications, given the amount of data Google already has about people’s lives. They fear that allowing Google to purchase Fitbit will give them too much data, especially sensitive health information. Google is already under scrutiny for Project Nightingale, Google’s partnership with the Ascension healthcare group to collect data on millions of patients.

    While the FTC has usually investigated Google’s past deals, the DOJ won out this time due to the fact they are “presently investigating Google for broader anti-competitive issues.”

    Although it’s too early to know how the DOJ will rule, the Public Citizen and the Center for Digital Democracy had previously urged the FTC to block the merger. With increased scrutiny on Google’s handling of customer data, it may be an uphill battle to close the Fitbit deal.

  • Apple Threatens to Leave Russia in 2020, Citing Russian Software Demands

    The International Business Times (IBT) is reporting that Apple may leave the Russian market next year in response to a new law requiring Russian software alternatives be installed on electronic devices.

    The new law, which Putin signed on December 5, goes into effect on July 1, 2020. The law requires all computers, smartphones and smart TVs to have Russian applications pre-installed. As Reuters reports, electronic companies are pushing back on the law, although few as much as Apple.

    Apple has said the Russian law would require the equivalent of jailbreaking its software, something it has refused to do in the past. While the law’s proposed purpose is to allow local companies to better compete with the software that comes loaded on devices, critics believe any software the Russian government would insist be installed could, and likely would, be used to spy on people.

    According to IBT, “an unnamed Apple source allegedly informed Kommersant Business Daily that a mandate to include third-party applications to Apple’s ecosystem would be synonymous with jailbreaking. The Apple source also said that it might pose a security threat, and Apple would not tolerate such kind of risk. The Russian government will come up with a list of software and apps which tech firms are required to pre-install, as well as the list of devices covered by this new law, reports The Moscow Times.”

    For Apple, the stakes are far greater than just the Russian market. The company has made a name for itself as a staunch protector of privacy, going head-to-head with the FBI to fight attempts to force it to create backdoors in its software. If it gives in to Russia, it will set a dangerous precedent that other governments will no doubt seize upon.

  • New Google Chrome Feature May Drive Users to Firefox

    The Register is reporting on a new feature in an upcoming version of Google Chrome that has privacy-conscious users worried. A recent API called getInstalledRelatedApps may allow websites to determine what apps are installed on a user’s device.

    At first glance, the API seems to have an admirable purpose. If users have both web and native applications installed, they could be bombarded by duplicate sets of notifications. If a website can determine that its native app is installed, it would then prioritize notifications for the native app. Unfortunately, the API doesn’t really seem to be aimed at improving the experience—not for the user at least.

    In response to a question from Opera developer Daniel Bratell, expressing concern about how this API would help users, Google engineer Rayan Kanso wrote:

    “Although this isn’t an API that would directly benefit users, it indirectly benefits them through improved web experiences,” Kanso wrote. “We received very positive OT [off-topic] feedback from partners using this API, and the alternative is them using hacks to figure whether their native app is installed.”

    In other words, this API is more about serving web and app developers’ marketing needs than it is about truly making users’ lives easier.

    The privacy implications are clear: If websites can determine what apps are installed on a person’s phone or tablet, that information can provide a relatively complete picture, otherwise known as a fingerprint, of that person’s habits.

    As The Register points out, Peter Snyder, a privacy researcher at browser maker Brave, voiced his own concerns:

    “I don’t follow the claim about non-fingerprint-ability. If I’m a company with a large number of apps (e.g. google), with 16-32 apps registered in app stores, the subset of which apps any user has installed is likely to be a very strong semi-identifier, no, and so be extremely risky for the user / valuable for the fingerprinter, no?

    “Apologies if I’m misunderstanding, but this seems like a very clear privacy risk.

    “Put differently, if this isn’t a privacy risk, what’s the rationale behind disallowing this in private browsing mode?”

    With browsers like Firefox and Safari placing an emphasis on privacy and security, it’s a safe bet this is yet another move that will drive users away from Chrome.
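
    Snyder's point about a subset of 16-32 apps acting as a semi-identifier can be measured. The JavaScript below is an added illustration, not code from the article, The Register or Chrome: it calls no browser API, and the population, install rates and seed are constructed assumptions. It reports how many bits of identifying information the visible app subset carries and what share of users end up alone in their anonymity set.

```javascript
// Added illustration with constructed data; no browser API is called.
// A user is modelled as a bitmask: bit i set = the vendor's app i is installed.

// Small deterministic PRNG (mulberry32) so the constructed population repeats.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6D2B79F5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Constructed population: app i is installed independently with rate rates[i].
function buildPopulation(users, rates, seed) {
  const rand = mulberry32(seed);
  return Array.from({ length: users }, () =>
    rates.reduce((mask, r, i) => (rand() < r ? mask | (1 << i) : mask), 0));
}

// What a site learns if it can test the first `appCount` apps (at most 30 here).
function analyze(population, appCount) {
  const visible = (1 << appCount) - 1;
  const counts = new Map();
  for (const mask of population) {
    const seen = mask & visible;
    counts.set(seen, (counts.get(seen) || 0) + 1);
  }
  let entropyBits = 0;
  let uniqueUsers = 0;
  for (const n of counts.values()) {
    const p = n / population.length;
    entropyBits -= p * Math.log2(p);
    if (n === 1) uniqueUsers += 1; // anonymity set of size one
  }
  return { appCount, distinct: counts.size, entropyBits,
           uniqueFraction: uniqueUsers / population.length };
}

// Sweep 1..16 queryable apps over 10,000 constructed users.
function sweep() {
  const rates = Array.from({ length: 16 }, (_, i) => 0.1 + (0.5 * i) / 15);
  const population = buildPopulation(10000, rates, 2019);
  return [1, 2, 4, 8, 16].map((k) => analyze(population, k));
}

console.table(sweep());
```

    Entropy and the unique-user share can only stay level or rise as more apps become queryable, which is why limiting how many related apps a single origin may test is the relevant control to look for.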

  • Apple Explains iPhone 11 Frequent Location Checking

    Apple has finally explained behavior that led some to believe new iPhones or iOS 13.x had a privacy bug.

    Security researcher Brian Krebs discovered that the iPhone 11 Pro “intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data.” He originally contacted Apple on November 13 to report the problem.

    Earlier this week, Apple responded to Krebs by simply saying: “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings.”

    Needless to say, this vague response is not what people want to hear from a company that has planted its flag on respecting user privacy. Fortunately, Apple has since issued a statement to KrebsOnSecurity, along with other venues, providing more information.

    “Ultra Wideband technology is an industry standard technology and is subject to international regulatory requirements that require it to be turned off in certain locations. iOS uses Location Services to help determine if iPhone is in these prohibited locations in order to disable Ultra Wideband and comply with regulations. The management of Ultra Wideband compliance and its use of location data is done entirely on the device and Apple is not collecting user location data.”

    Ultra Wideband is used by AirDrop to enable users to share files from one iPhone to another. The technology gives iPhones “spatial awareness.” This is what makes it possible for users to “share a file with someone using AirDrop simply by pointing at another user’s iPhone.”

    While Apple does plan on allowing users to turn the feature off in the future, it is unknown when this will happen, especially since it involves working with government regulation.

    In any event, it’s reassuring to know there is no breach of privacy in play. However, Apple could have saved itself—and its customers—a lot of headache by being more transparent in its initial response or, better yet, by documenting the feature before it became a concern.