WebProNews

Tag: Privacy

  • ‘Fool Me Once…’ — Clearview AI Promises to End Private Contracts

    Clearview AI has promised it will end all contracts with private companies in the face of public backlash and lawsuits.

    Clearview made news as a facial recognition firm that had scraped billions of images from the web and social media, and then made them available for facial recognition searches. The company has repeatedly tried to portray itself as a responsible steward of the technology it has developed and is making available, initially claiming its service was only for law enforcement and government agencies.

    In short order, however, it has become apparent Clearview cannot be trusted. Reports surfaced that the company was selling its services internationally, including to oppressive regimes. One of the more disturbing revelations was that the company was monitoring the searches performed by law enforcement and using that information to try to discourage police from talking with journalists.

    Throughout it all, however, the company has continued to maintain that it only made its software available to law enforcement and select security personnel — only that wasn’t true. Reports showed the company had made its software available to many private companies and individuals, including some who used it for their own personal benefit.

    According to BuzzFeed, in an effort to deal with the lawsuit it is facing in Illinois, the company is now promising it will cancel its contracts with private organizations.

    “Clearview is cancelling the accounts of every customer who was not either associated with law enforcement or some other federal, state, or local government department, office, or agency,” the company said in a filing BuzzFeed has seen. “Clearview is also cancelling all accounts belonging to any entity based in Illinois.”

    There’s only one problem with this promise: It comes from a company that has already proven itself to be dishonest, unscrupulous and completely untrustworthy. Here’s to hoping the judge sees right through this latest ploy.

  • Senators Will Introduce Coronavirus Data Privacy Bill

    A group of senators will introduce legislation to help protect consumer privacy as companies focus on using data to help combat COVID-19.

    Governments and companies around the world have turned to big data in an effort to map the spread of the coronavirus, and try to get ahead of it. One of the most publicized efforts is being undertaken by Apple and Google, as the two companies work on a contact tracing API. The API, and subsequent apps, will use anonymous Bluetooth keys to keep track of the phones an individual has been in close proximity with. If a person tests positive, each person that has been in contact with them over the previous 14 days will be notified they have been exposed and need to quarantine.

    Needless to say, many individuals have expressed concern over the privacy implications and, as a result, half of Americans have no intention of installing any contact tracing app.

    To help ease concerns, and protect the privacy of Americans, Senators Roger Wicker, John Thune, Jerry Moran and Marsha Blackburn have announced their intention to introduce a data privacy bill. The goal is to provide much-needed transparency and give consumers a measure of control over how their data will be used, as well as hold businesses accountable for how they use it.

    “While the severity of the COVID-19 health crisis cannot be overstated, individual privacy, even during times of crisis, remains critically important,” said Thune. “This bill strikes the right balance between innovation – allowing technology companies to continue their work toward developing platforms that could trace the virus and help flatten the curve and stop the spread – and maintaining privacy protections for U.S. citizens.”

    Here’s to hoping the legislation will help prevent abuses of consumer data.

  • Mozilla Unveils Email Aliases With Firefox Private Relay

    Mozilla has announced it is working on Private Relay, an email alias generating service designed to protect user privacy.

    As more websites and services require email addresses to sign up, customers are often inundated with mailing lists and spam. Even worse, many companies play fast and loose with security, jeopardizing people’s privacy by not protecting their personal information, such as their email address. Some individuals maintain multiple addresses, specifically for the purpose of using one or more for purchases, signups and mailing lists.

    Mozilla, a longtime leader in internet privacy, wants to make the whole process a little easier with their Private Relay, a Firefox add-on that will allow users to create an email alias with a single click. The add-on will work with online forms, using the alias in the email field, and then forwarding any email to the person’s real email address. If the alias begins to receive unwanted emails, it can be disabled or deleted.

    This is a welcome feature that will make web browsing and email a little more private and secure.

  • Should Apple and Google CEOs Be Personally Responsible For Coronavirus Tracking App Privacy?

    In a letter to Apple CEO Tim Cook and Google CEO Sundar Pichai, Senator Josh Hawley wants both CEOs to take personal responsibility for customer privacy.

    Apple and Google recently announced their efforts to work on coronavirus tracking apps that will use a common API and eliminate the incompatibilities that often plague iOS and Android interaction. The apps will use Bluetooth and operate on a decentralized model to ensure user privacy.

    Despite assurances by both companies that every effort is being made to protect privacy, Senator Hawley is not convinced. In particular, Hawley is concerned the anonymized data could be paired with other datasets to identify individuals and is calling on Cook and Pichai to put their money where their mouth is, so to speak.

    “Americans are right to be skeptical of this project,” writes Hawley. “Even if this project were to prove helpful for the current crisis, how can Americans be sure that you will not change the interface after the pandemic subsides? Once downloaded onto millions of phones, the interface easily could be edited to eliminate previous privacy protections. And any privacy protection that is baked into the interface will do little good if the apps that are developed to access the interface also choose to collect other information, like real-time geolocation data. When it comes to sticking to promises, Google’s record is not exactly reassuring. Last year a Google representative had to admit, under oath, that Google still tracks location history even when a person turns location history off. As the Associated Press put it, ‘Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to.’”

    Interestingly, Hawley only makes mention of Google’s issues with privacy, as Apple has a well-earned reputation of being one of the strongest privacy advocates in the tech industry. Tim Cook has stated that Apple believes privacy is a fundamental human right, and the company’s actions support that claim. Even so, Hawley wants the executives of both companies to be personally liable for customer privacy, as it relates to any proposed coronavirus tracking app.

    “A project this unprecedented requires an unprecedented assurance on your part,” Hawley continues. “Too often, Americans have been burned by companies who calculated that the profits they could gain by reversing privacy pledges would outweigh any later financial penalty levied against the company. The last thing Americans want is to adopt, amid a global emergency, a tracking program that then becomes a permanent feature in our lives.

    “If you seek to assure the public, make your stake in this project personal. Make a commitment that you and other executives will be personally liable if you stop protecting privacy, such as by granting advertising companies access to the interface once the pandemic is over. The public statements you make now can be enforced under federal and state consumer protection laws. Do not hide behind a corporate shield like so many privacy offenders have before. Stake your personal finances on the security of this project.”

    The senator clearly voices concerns that millions of individuals have expressed in the wake of Apple and Google’s announcement. Hopefully, Senator Hawley’s letter will help ensure both companies do everything possible to protect user privacy.

  • Zoom Will Allow Hosts to Report Users

    In its ongoing efforts to beef up security, Zoom is preparing to allow hosts to report participants who misbehave.

    Zoom has become a critical component to individuals and organizations alike during the coronavirus pandemic. The company has, however, come under criticism for lax security and privacy, prompting many companies and organizations to ban the app. As a result, Zoom committed to a 90-day moratorium on new features while its engineering teams focused on security and privacy improvements.

    One of the biggest issues the company has been trying to address is Zoom-bombing, where an uninvited participant gains access to a meeting and commandeers it. Zoom-bombers have subjected legitimate participants to lewd drawings, racial slurs and more.

    According to notes on Zoom’s site, the company is releasing an update on April 26 that will allow hosts to report those participants who misbehave.

    Setting to allow host to report participants to Zoom

    Account owners and admins can now enable a setting to allow the host to report participants to Zoom. This feature will generate a report which will be sent to the Zoom Trust and Safety team to evaluate any misuse of the platform and block a user if necessary. This setting is available at the account, group, and user level and can be locked at the group or account level. This setting requires the Zoom client version which will be released on April 26, 2020.

    This is another welcome improvement to Zoom and should help improve the experience for all involved.

  • TikTok Adds Family Pairing to Help Protect Children

    TikTok has launched Family Pairing, a new feature designed to give parents more control over their children’s accounts.

    TikTok has quickly risen to become one of the most widely downloaded apps on either the Apple App Store or Google Play Store. The company’s meteoric rise has not been without controversy. The company has been accused of uploading data to Chinese servers without user consent, and has been banned by numerous government agencies over security concerns.

    The company has promised to increase transparency and security measures in an effort to alleviate concerns. In its latest move, TikTok is working to help protect children and young people, by allowing parents to link their accounts to their children’s and have control over their settings.

    “Today, we are advancing our commitment to building for the safety of our users by introducing Family Pairing, which allows parents and teens to customize their safety settings based on individual needs,” reads the statement. “Family Pairing enhances our suite of safety tools and complements our work to provide greater access to product features as users reach key milestones for digital literacy. It is part of our continued work toward providing parents better ability to guide their teen’s online experience while allowing time to educate about online safety and digital citizenship.”

    Given its popularity, it’s good to see TikTok working to improve security and safety for children.

  • Zoom to Allow Paid Customers to Route Their Data

    Beginning April 18, Zoom will allow paid subscribers to choose which region their data is routed through.

    Zoom has experienced unprecedented growth, quickly becoming the option of choice for videoconferencing as millions of people work from home. Despite its popularity, and in part because of it, the company has faced withering criticism for lapses in its security and privacy measures, prompting it to put a 90-day moratorium on new features in an effort to focus on privacy and security improvements. One such criticism is that some calls, as well as the encryption keys used to protect them, were routed through China—despite originating in North America.

    True to its promise to focus on beefing up security, Zoom has announced that paying customers will be able to choose where their calls and data are routed. The company began sending out emails to paid subscribers, notifying them of the change, on Monday.

    In a blog post, Zoom CTO Brendan Ittelson explained further:

    Beginning April 18, every paid Zoom customer can opt in or out of a specific data center region. This will determine the meeting servers and Zoom connectors that can be used to connect to Zoom meetings or webinars you are hosting and ensure the best-quality service.

    1. Starting April 18, with respect to data in transit, Zoom admins and account owners of paid accounts can, at the account, group, or user level:
    • Opt out of specific data center regions
    • Opt in to specific data center regions

    You will not be able to change or opt out of your default region, which will be locked. The default region is the region where a customer’s account is provisioned. For the majority of our customers, this is the United States.

    This feature gives our customers more control over their data and their interaction with our global network when using Zoom’s industry-leading video communication services.

    This is good news for paid subscribers, and further demonstrates the lengths to which Zoom is going to regain the trust they lost.

  • Apple and Google Working Together on Contact Tracing Tech

    Apple has announced it is working with Google on contact tracing technology in an effort to stop the spread of the pandemic.

    Contact tracing involves tracing the contacts of an infected person, checking for further infections and tracing the ongoing and spreading network of contacts. In a press release, Apple described the initiative as “a joint effort to enable the use of Bluetooth technology to help governments and health agencies reduce the spread of the virus, with user privacy and security central to the design.”

    The two companies will launch an API and “operating system-level technology” that will play a role in the contact tracing. Both companies are committed to trying to protect user privacy. To aid in that goal, the project will be rolled out in two phases.

    “First, in May, both companies will release APIs that enable interoperability between Android and iOS devices using apps from public health authorities,” the release continues. “These official apps will be available for users to download via their respective app stores.

    “Second, in the coming months, Apple and Google will work to enable a broader Bluetooth-based contact tracing platform by building this functionality into the underlying platforms. This is a more robust solution than an API and would allow more individuals to participate, if they choose to opt in, as well as enable interaction with a broader ecosystem of apps and government health authorities. Privacy, transparency, and consent are of utmost importance in this effort, and we look forward to building this functionality in consultation with interested stakeholders. We will openly publish information about our work for others to analyze.”

    According to information on Google’s blog, the apps will not collect personally identifiable information, and the list of people a user has been in contact with will not leave their phone. The apps will also not track location. Instead, each phone, using anonymous Bluetooth keys, will keep track of the phones it has been in close proximity with. If someone tests positive, and updates the app accordingly, anyone who has been in close proximity will be notified that they have been exposed and need to take the necessary measures.

    There are still many details left to be fleshed out, but hopefully the two companies will live up to their promise of protecting user privacy. While Google does not have the best track record in this regard, Apple is one of the foremost privacy proponents. Hopefully Apple’s involvement will help ensure user privacy is truly respected.

  • Twitter Disables User Control of Advertising Data

    Twitter took a big step backward in its efforts to protect user privacy, eliminating user control over data used for advertising.

    In an announcement that started showing up when users logged on, Twitter said the goal of the change was to help it continue as a free service. The announcement read:

    An update to your data-sharing settings

    The control you have over what information Twitter shares with its business partners has changed. Specifically, your ability to control mobile app advertising measurements has been removed, but you can control whether to share some non-public data to improve Twitter’s marketing activities on other sites and apps. These changes, which help Twitter to continue operating as a free service, are reflected now in your settings.

    The move is disappointing for users who value their privacy, although users in the European Union are unaffected by the change. Thanks to the EU’s GDPR, companies are required by law to give users control over their own data and how it is used.

    After Twitter’s announcement, it won’t be surprising if there are renewed calls for GDPR-style legislation in the U.S.

  • Coming or Going? In the Encryption Debate, U.S. Government Doesn’t Know

    Senator Blumenthal has issued a call for the FTC to investigate Zoom’s security, illustrating a schism within the government over the issue of encryption.

    Few issues have polarized politicians, scientists, researchers and citizens as much as end-to-end encryption. Many officials, including multiple FBI directors, have warned that strong encryption makes it nearly impossible to properly investigate cases and contributes to criminals “going dark.” Others, such as Senators Ron Wyden and Rand Paul, have been staunch proponents of strong encryption. Similarly, mathematicians and security experts have repeatedly made the case that strong encryption cannot have backdoors or built-in weaknesses and still offer the necessary protection.

    Currently, the biggest threat to encryption in the U.S. is the upcoming EARN IT Act. The bill is designed to combat online sexual exploitation of children. While absolutely a worthwhile goal that should be a priority for companies, governments and individuals alike, the bill is a Pandora’s box of uncertainty when it comes to encryption. The bill addresses protection under Section 230 of the Communications Decency Act, wherein companies are not held liable for things people say or do on their communications platforms.

    Under the proposed EARN IT Act, in order to maintain their protected status under Section 230, companies would need to comply with vague “best practices” established by a committee. This committee, and the U.S. Attorney General, would have wide discretion to determine what those “best practices” are. So what happens if the Attorney General is William Barr, an individual who has voiced staunch opposition to end-to-end encryption? Might “best practices” include the requirement that companies build in backdoors? Very likely.

    Backers of the bill have said it is not an attack on encryption and that necessary safeguards are in place. However, nearly every expert who has reviewed the bill has arrived at a completely different conclusion, and believes the bill will absolutely lead to an all-out attack on encryption.

    Should that happen, many companies will have to choose between weakening their encryption, and thereby endangering their users, or moving their businesses outside the U.S. One example is the encrypted messaging app Signal, used by the U.S. military, as well as senators and their staff. Signal developer Joshua Lund made it clear (an excellent read) the app will likely no longer be available in the U.S. if EARN IT passes.

    What makes this story all the more interesting is a recent tweet by Senator Richard Blumenthal, one of the sponsors of the EARN IT Act:

    I am calling on FTC to investigate @zoomus. Zoom’s pattern of security failures & privacy infringements should have drawn the FTC’s attention & scrutiny long ago. Advertising privacy features that do not exist is clearly a deceptive act.

    The facts & practices unearthed by researchers in recent weeks are alarming—we should be concerned about what remains hidden. As Zoom becomes embedded in Americans’ daily lives, we urgently need a full & transparent investigation of its privacy & security.

    Richard Blumenthal (@SenBlumenthal) April 7, 2020

    One of the biggest privacy and security issues with Zoom is the fact that it advertised end-to-end encryption, but failed to deliver. Based on Senator Blumenthal’s tweet, the message is clear: end-to-end encryption is a wonderful thing for government officials, so long as said government officials can still spy on the average citizen.

    In other words, the U.S. government is stuck in a strange dichotomy where it wants to punish companies for not supporting end-to-end encryption, while at the same time undermining and legislating backdoors in that very encryption.

  • DHS: Zoom Responding to Security Concerns

    The Department of Homeland Security (DHS) has issued a memo in support of Zoom and the company’s efforts to improve its security.

    According to Reuters, who gained access to the memo, DHS was addressing the recent issues Zoom has been facing regarding its security and privacy. The memo was “drafted by DHS’s Cybersecurity and Infrastructure Security Agency and the Federal Risk and Authorization Management Program, which screens software used by government bodies,” and circulated among the government’s top cybersecurity officials.

    Rather than calling for a moratorium on Zoom’s use, as some companies and governments have done, the DHS memo sought to put officials’ minds at ease by emphasizing that Zoom understood the seriousness of the concerns and was working hard to address them. The support is good news for Zoom and an indication its recent efforts to beef up privacy and security are beginning to yield much-needed fruit.

  • WhatsApp Limiting Message Forwarding to Combat Misinformation

    As tech companies continue to battle misinformation during the global crisis, WhatsApp has begun limiting message forwarding.

    In a blog post on the site, the company has announced it is limiting how much frequently forwarded messages—indicated by double arrows—can be spread, “introducing a limit so that these messages can only be forwarded to one chat at a time.”

    It is clear the company is endeavoring to balance the usefulness of forwarding messages with efforts to cut down on wide-scale forwarding from unreliable or unconfirmed sources.

    “As a private messaging service, we’ve taken several steps over the years to help keep conversations intimate,” reads the post. “For example, we previously set limits on forwarded messages to constrain virality. At the time, we saw a 25% decrease in total message forwards globally.

    “Is all forwarding bad? Certainly not. We know many users forward helpful information, as well as funny videos, memes, and reflections or prayers they find meaningful. In recent weeks, people have also used WhatsApp to organize public moments of support for frontline health workers. However, we’ve seen a significant increase in the amount of forwarding which users have told us can feel overwhelming and can contribute to the spread of misinformation. We believe it’s important to slow the spread of these messages down to keep WhatsApp a place for personal conversation.”

    This is a sensible step WhatsApp is taking, as it continues to walk a tightrope between protecting private conversation and limiting the spread of misinformation.

  • Zoom Pivots to Security Amid Ongoing Criticism

    Zoom is taking drastic measures to improve its security and privacy amid criticism and scrutiny as it serves hundreds of millions of users.

    As the pandemic sweeps the globe, individuals, corporations and organizations of all types are making drastic changes to their daily workflows and routines. Zoom has become an integral part of those routines, and hundreds of millions of users have begun to rely on the platform for school, work and socializing.

    Unfortunately for the company, the increased usage has also brought increased scrutiny, especially in the realm of privacy and security. The company has been called to task for not using end-to-end encryption, as its marketing claims; for leaking email addresses; for sending data to Facebook without informing users, before finally removing the offending SDK; and for a rash of Zoom-bombing incidents where outside individuals gain access to a Zoom meeting and make a nuisance of themselves.

    In view of these challenges, Zoom is taking drastic action to beef up its security and privacy. In a blog post on the company’s site, founder and CEO Eric Yuan said the company is enacting a freeze for 90 days in order to shift all “engineering resources to focus on our biggest trust, safety, and privacy issues.”

    The company also plans to conduct a comprehensive review with third-party experts and release a transparency report. It will also enhance its bug bounty program, and engage in a number of white box penetration tests. Zoom has also improved its privacy policy, apologized for not handling its encryption issues clearly and tried to help individuals address Zoom-bombing.

    In short, the company is pulling out all the stops in an effort to improve its privacy and security, no small task given how quickly the platform has grown.

    “To put this growth in context, as of the end of December last year, the maximum number of daily meeting participants, both free and paid, conducted on Zoom was approximately 10 million,” writes Yuan. “In March this year, we reached more than 200 million daily meeting participants, both free and paid.”

    As we said in a previous article, “the increased scrutiny of Zoom is a good reminder to companies that privacy and security should never be an afterthought. Instead, they should be a core feature, built in to an app or service from day one.”

    That statement remains true—security and privacy should never be an afterthought. At the same time, it’s time to give credit where credit is due: Zoom is stepping up to the plate and doing everything possible to provide its users with the privacy and security they expect and deserve.

  • SpaceX Employees Won’t Be Zooming Anywhere

    SpaceX has banned its employees from using Zoom for communication, in the latest challenge the popular videoconferencing app is facing.

    In a memo seen by Reuters, SpaceX cites “significant privacy and security concerns” as the reason behind the ban. The memo goes on to say: “We understand that many of us were using this tool for conferences and meeting support. Please use email, text or phone as alternate means of communication.”

    Zoom has been facing increasing scrutiny for its security and privacy, just as the app has become one of the most popular options for individuals sheltering in place and working from home. In short order, the app has been accused of not using end-to-end encryption, despite its marketing claims, as well as exposing users’ email addresses and phone numbers. Researchers have also discovered a serious security flaw in the Windows version of the app. New York Attorney General Letitia James is even looking into the company’s privacy practices.

    The increased scrutiny of Zoom is a good reminder to companies that privacy and security should never be an afterthought. Instead, they should be a core feature, built in to an app or service from day one.

  • FBI Warns of ‘Zoom-Bombing’ As Videoconferencing Soars

    The FBI is warning of ‘Zoom-bombing,’ where videoconferencing meetings are being hijacked by unwelcome participants.

    Zoom has quickly become one of the most popular videoconferencing platforms as millions of individuals self-isolate and work from home. The software is being used by companies, schools and individuals looking to continue some semblance of normalcy.

    Unfortunately, bad actors have been taking advantage of the platform and hijacking meetings. These disruptions have ranged from shouting profanities at the participants, to screen sharing pornography to the group. As a result, the FBI is recommending that Zoom users enable a number of settings to limit the risk, including:

    • Do not make meetings or classrooms public. In Zoom, there are two options to make a meeting private: require a meeting password or use the waiting room feature and control the admittance of guests.
    • Do not share a link to a teleconference or classroom on an unrestricted publicly available social media post. Provide the link directly to specific people.
    • Manage screensharing options. In Zoom, change screensharing to “Host Only.”
    • Ensure users are using the updated version of remote access/meeting applications. In January 2020, Zoom updated their software. In their security update, the teleconference software provider added passwords by default for meetings and disabled the ability to randomly scan for meetings to join.
    • Lastly, ensure that your organization’s telework policy or guide addresses requirements for physical and information security.

    These are excellent suggestions that everyone using Zoom should put into practice immediately.

  • Zoom Removes Facebook SDK From iOS Client

    The latest Zoom update removes the Facebook SDK responsible for the app sharing data with Facebook, even if a user did not have a Facebook account.

    The data sharing was originally discovered by Motherboard, and involved the Zoom app sharing a disturbing amount of data with Facebook, regardless of whether a user had a Facebook account or not. This didn’t sit well with many users, especially as the app has achieved near-default status as the videoconferencing tool of choice as millions of individuals work from home.

    Zoom has since released an update removing the offending SDK, as well as offering an explanation of what happened:

    “We originally implemented the ‘Login with Facebook’ feature using the Facebook SDK for iOS (Software Development Kit) in order to provide our users with another convenient way to access our platform. However, we were made aware on Wednesday, March 25, 2020, that the Facebook SDK was collecting device information unnecessary for us to provide our services. The information collected by the Facebook SDK did not include information and activities related to meetings such as attendees, names, notes, etc., but rather included information about devices such as the mobile OS type and version, the device time zone, device OS, device model and carrier, screen size, processor cores, and disk space.

    “Our customers’ privacy is incredibly important to us, and therefore we decided to remove the Facebook SDK in our iOS client and have reconfigured the feature so that users will still be able to log in with Facebook via their browser. Users will need to update to the latest version of our application that’s already available at 2:30 p.m. Pacific time on Friday, March 27, 2020, in order for these changes to take hold, and we strongly encourage them to do so.”

    This change is good news for everyone concerned with privacy. Given Facebook’s abysmal track record, there’s simply no reason to be sending the company data unless absolutely necessary—which in this case it was not.

  • U.S. Taking Measures to Limit Huawei’s Chip Supplies

    U.S. officials are moving forward with plans to cut off Huawei’s chip supplies in an effort to blunt the company’s 5G dominance.

    The U.S. has banned Huawei and is pressuring allies to do the same. Officials claim the company serves as an arm of the Chinese government’s spying operations and opens countries that use the company’s equipment to spying by Beijing. Huawei has vehemently denied the claims, but that hasn’t stopped U.S. officials from taking almost every opportunity to target the company.

    Several weeks ago, officials began considering altering the Foreign Direct Product Rule to make it difficult for the Chinese firm to access the chips it needs. Now, according to Reuters, the U.S. is moving forward with those plans.

    “The decision came when U.S. officials from various agencies met and agreed on Wednesday to alter the Foreign Direct Product Rule, which subjects some foreign-made goods based on U.S. technology or software to U.S. regulations,” Reuters’ sources said.

    Only time will tell how much of an impact the change will have, but U.S. officials will likely consider any impact a win.

  • FBI Using Fitness App to Track You

    It was bound to happen. With mass surveillance being one of the most effective tools in the fight against the coronavirus pandemic, the FBI may be taking the first steps.

    On Monday, the FBI sent out a tweet recommending its fitness app for individuals looking for ways to stay active and fit while stuck indoors as a result of the virus.

    #MondayMotivation Are you looking for tips for indoor workouts? Download the #FBI’s Physical Fitness Test app to learn proper form for exercises you can do at home like pushups and situps. http://ow.ly/6y3f50yQeHj

    — FBI (@FBI) 3/23/20

    As multiple users started pointing out, however, when the app is downloaded, it asks for specific location information, as well as what WiFi networks you connect to. While Twitter may not always be the bastion of sound, measured responses, in this case the Twitterverse appears to be spot on in largely taking a hard pass on downloading the app.

    The app is, at least in part, governed by the Privacy Policy posted on fbi.gov, especially when the app is accessing the site. That policy makes the following statement:

    “To protect the system from unauthorized use and to ensure that the system is functioning properly, individuals using this computer system are subject to having all of their activities monitored and recorded by personnel authorized to do so by the FBI (and such monitoring and recording will be conducted). Anyone using this system expressly consents to such monitoring and is advised that if such monitoring reveals evidence of possible abuse or criminal activity, system personnel may provide the results of such monitoring to appropriate officials. Unauthorized attempts to upload or change information or otherwise cause damage to this service are strictly prohibited and may be punishable under applicable federal law.”

    In view of that statement, it looks as though it is technically possible for the FBI to legally justify using the app for surveillance. Consider yourself forewarned.

  • Mozilla Launches ‘Firefox Better Web with Scroll’ Test Pilot

    Firefox has announced the launch of a new Test Pilot program, Better Web with Scroll, aimed at improving the web experience for both publishers and users.

    Firefox is one of the most privacy-oriented companies in the world, and is constantly working to tackle problems related to privacy and the overall health of the web. Its latest initiative is designed to help publishers who have been hard hit by various privacy features, while at the same time incentivizing them to focus on quality content, rather than ad-driven quantity.

    “If we’re going to create a better internet for everyone, we need to figure out how to make it work for publishers,” writes Matt Grimes. “Last year, we launched Enhanced Tracking Protection by default and have blocked more than two trillion third-party trackers to date, but it didn’t directly address the problems that publishers face. That’s where our partner Scroll comes in. By engaging with a better funding model, sites in their growing network no longer have to show you ads to make money. They can focus on quality not clicks. Firefox Better Web with Scroll gives you the fast, private web you want and supports publishers at the same time.”

    The new initiative is based on Mozilla’s previously announced efforts to find alternative ways for publishers to monetize their content, without relying on ads. This is what led the non-profit to partner with Scroll. To join Firefox Better Web, users need to sign up for a Firefox account and install an extension. For the first six months, the service is discounted 50%, costing $2.50 a month. The money goes into a fund that is used to compensate writers and publishers. According to Mozilla, early tests show sites make at least 40% more than they would relying on ads.

    “Firefox Better Web combines the work we’ve done with third-party tracking protection and Scroll’s network of outstanding publishers,” adds Grimes. “This ensures you will get a top notch experience while still supporting publishers directly and keeping the web healthy.”

  • Google Sued For Collecting Children’s Personal Data

    Google is facing yet another privacy-related issue, with New Mexico Attorney General Hector Balderas suing the company for collecting children’s personal data.

    The suit stems from Google’s sale of its Chromebook devices to schools for their students’ use, along with the company’s G Suite of office software and email. According to the lawsuit, the company collects vast amounts of personal information, via the services, from students under 13 years old and without parental consent.

    “Student safety should be the number one priority of any company providing services to our children, particularly in schools,” said Attorney General Balderas. “Tracking student data without parental consent is not only illegal, it is dangerous; and my office will hold any company accountable who compromises the safety of New Mexican children.”

    In a letter to Google CEO Sundar Pichai, Balderas expresses his concern about the dangers associated with the alleged data collection:

    “Because the data Google has illegally collected can then be spread across the globe through both legitimate and illegitimate means, I am bringing a lawsuit to immediately stop this practice. Data brokers and marketing technology firms that do business with Google have been credibly accused of targeting children under the age of 13 with age-inappropriate advertising. Worse yet, some of these same firms have suffered significant data breaches, causing personal information to end up for sale on the dark web, hosted in countries well beyond the reach of law enforcement. As Attorney General, I must take swift legal action in order to protect our children.”

    According to Reuters, Google has denied the allegations, calling them “factually wrong,” although they did not elaborate. We will continue to monitor the story and provide updates.

  • Microsoft Edge Has Worst Default Privacy Settings

    In a study of major web browsers, Microsoft’s Edge was found to have the worst default privacy settings of the entire bunch.

    Douglas J. Leith, computer scientist with the School of Computer Science & Statistics, Trinity College Dublin, Ireland, conducted the research on Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser. The study evaluated a number of different factors, including the data transmitted by search autocomplete features, data transmitted while the browsers are idle, back-end services the browsers use and more.

    Brave took the top spot, with no evidence of “identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers,” according to Leith. Chrome, Firefox and Safari were in the middle of the pack.

    “From a privacy perspective Microsoft Edge and Yandex are qualitatively different from the other browsers studied,” continued Leith. “Both send persistent identifiers that can be used to link requests (and associated IP address/location) to back end servers. Edge also sends the hardware UUID of the device to Microsoft and Yandex similarly transmits a hashed hardware identifier to back end servers. As far as we can tell this behaviour cannot be disabled by users. In addition to the search autocomplete functionality that shares details of web pages visited, both transmit web page information to servers that appear unrelated to search autocomplete.”

    For individuals and companies concerned with privacy and security, it seems Edge is the one to avoid until Microsoft tightens things up.