PersonalData
Latest
Microsoft tests feature to give people control over their personal data
Microsoft appears to be working on a project called Bali that would give users the ability to control data collected about them. The feature, spotted by Twitter user Longhorn, is being developed by the Microsoft Research team and appears to be in the stages of private testing for the time being.
Researchers may have exposed Facebook quiz data on 3 million users
Once again, an app on Facebook has been linked to potential exposure of personal information. Researchers stored responses from a personality application running on the social network on an insecure website, which could have exposed answers from up to 3 million users, according to a New Scientist report. While this isn't as severe as the Cambridge Analytica leak, it's distantly connected. The data was held by academics from the University of Cambridge's Psychometrics Centre -- and the project had previously involved Alexandr Kogan, the researcher embroiled in the Cambridge Analytica scandal.
Check right now if Cambridge Analytica used your Facebook data
In the aftermath of the Cambridge Analytica scandal, you're probably wondering: Was I actually affected? After all, the company obtained data on 87 million users (that's the current estimate, anyway.) Facebook has, thankfully, started sending News Feed notifications to explain whether users' accounts were affected. If you're still waiting for yours to come through, however, you can visit this page and find out immediately. In short, it explains if you or your friends ever logged into This Is Your Digital Life — the quiz app developed by university researcher Dr Aleksandr Kogan, which Cambridge Analytica used to profile and manipulate users.
Federal employees stole data from Homeland Security
Three employees of the inspector general's office for the Department of Homeland Security (DHS) are accused of stealing a computer system that contained around 246,000 employees' personal data. That information included names, social security numbers and dates of birth, USA Today reports, and one of the suspects is also said to have had in their possession around 159,000 agency case files. The data breach was reported to DHS officials in May and acting DHS Secretary Elaine Duke decided in August to notify the employees whose information was included in the stolen data.
Apple at odds with Indian regulators over anti-spam app
In a classic case of an unstoppable force meeting an immovable object, Apple's refusal to approve the Indian government's anti-spam iPhone app is causing uproar on both sides. The Telecom Regulatory Authority of India has been pushing unsuccessfully to get its "Do Not Disturb" software included in the App Store, and Apple refuses to budge on the matter, claiming it violates the company's privacy policy.
Home Depot left customers' unprotected personal data online
It's been awhile since hackers broke into Home Depot's servers and stole 56 million customers' credit card information back in 2014. But recently, a tipster pointed business watchdog site Consumerist to a web address under the HomeDepot.com domain. The unprotected page stored photos of various home improvement projects...and 13 Excel spreadsheets filled with customer data. All told, it had names, phone numbers, and physical and email addresses for up to 8,000 people. And all those files sat there unprotected, unencrypted and discoverable by search engines for an unknown period of time.
Nigerian man charged in hacking of 108 LA county employee emails
It might not quite rival last week's revelation that up to one billion Yahoo accounts had been hacked in 2013, but it'll be news to anybody who contacted local government officials in Los Angeles. A Nigerian national has been charged with hacking LA county employee accounts that might have exposed personal data of up to 756,000 people. 37-year-old Kelvin Onaghinor has not been arrested and authorities are unsure whether he's still in the US. They're also searching for possible accomplices.
Amazon accused of handing out its users' personal data
Eric Springer is not happy, mostly because he believes that Amazon let a nefarious type get at his account. In a blog over at Medium, Springer revealed that he was the victim of a "social engineering" hack that exposed his details to an unnamed third party. With just a rough idea of Springer's location and his email address, the attacker tricked a customer services rep to give up almost all of his personal information. The attacker was subsequently able to use this data to trick Springer's bank into sending out a copy of his credit card.
Ashley Madison hack threatens to expose millions of users
Ashley Madison, the dating website that purports to connect people looking for an affair, has been the victim of a hack that has exposed the personal data of its 37 million users. Krebs on Security is reporting that the perpetrators are a hacker or hackers going by the name of Impact Team. So far, only a small selection of information has been uploaded, but the group is threatening to post the entire haul unless Ashley Madison and sister site Established Men are shut down for good. CEO Noel Biderman has confirmed that the attack is legitimate and has pledged to take down compromising files as they're found online. Not that it's likely to be much comfort to the people waking up to find their personal details splashed across the internet.
Apple's now storing some personal user data in China
It's no secret that the relationship between Apple and China hasn't always been the best. From the banning of its products for government use, to the Chinese state media wanting the Cupertino company "severely punished" for NSA spying, these cases are well-documented. That said, China's consumer market is extremely important to Apple -- which isn't really surprising, given the sheer magnitude of it. But now, with a number of new iDevices hitting shelves there of late, Apple's had to look to servers located in mainland China to store Chinese users' personal data. As Reuters notes, this is the first time the company has begun storing this type of data in that country -- Apple says the decision was made as part of a plan to improve the overall performance of its cloud service, iCloud.
Facebook details proposed changes to its data use policies following court order
Facebook made some changes to its data use policy late last year (in addition to some changes to its actual process for making changes), and it's now back with another set of updates. As Facebook's Chief Privacy Office Erin Egan explains, the new changes affect two of its key documents -- its Data Use Policy and Statement of Rights and Responsibilities -- and they come as a result of a settlement in a court case concerning its use of personal data in advertising. Among the changes are a revised explanation of "how things like your name, profile picture and content may be used in connection with ads or commercial content," which Facebook says will now "make it clear that you are granting Facebook permission for this use when you use our services." The data use policy also encompasses data retention by third parties, who Facebook says you must contact directly if you wish to have your personal data deleted, even if you have deleted the third-party application itself. As AllThingsD notes, your profile picture will also now figure more prominently in Facebook's facial-recognition system for photo tagging, although you can still opt out of that if you like. These are also all still just proposed changes for the time being; under its new process, Facebook users have seven days to offer their comments, but no vote will take place.
EU regulators ask Google to 'pause' its privacy changes, need more time to investigate
Google has gone to great lengths to clarify its revamped privacy policy, but a regulatory body in the European Union thinks the company is moving a little too fast. Today, European regulators formally requested that Google "pause" its rollout, in order to give the EU more time to investigate its forthcoming changes. "Given the wide range of services you offer, and the popularity of these services, changes in your privacy policy may affect many citizens in most or all of the EU member states," the EU's Data Protection Working Party wrote in a letter to Google CEO Larry Page yesterday. "We wish to check the possible consequences for the protection of the personal data of these citizens in a coordinated way." The body didn't specify how much time it would need to investigate, but it stressed that doing so would help to ensure absolute transparency among European users. "[W]e call for a pause in the interests of ensuring that there can be no misunderstanding about Google's commitments to information rights of their users and EU citizens, until we have completed our analysis," the letter reads. Viviane Reding, Europe's commissioner on data protection, heralded the move as an important step in asserting EU authority over online privacy and regulations, but Google was somewhat taken aback by the request. "We briefed most of the members of the working party in the weeks leading up to our announcement," said company spokesman Al Verney. "None of them expressed substantial concerns at the time, but of course we're happy to speak with any data protection authority that has questions." It's worth noting that Google isn't legally bound to heed the Working Party's request, though we'd expect the company to seek some sort of compromise with Europe's regulators, as it has in the past.
Vlingo co-founder explains data-collection issues
With Carrier IQ and O2's most recent data-snooping, people's vigilance about what information cellphones transmit is increasing. Using a Galaxy Note, AndroidPit found that every four minutes, Vlingo's voice-recognition app was sending a packet of data to an unencrypted server. The packet contained your GPS co-ordinates, IMEI (unique device identifier), contact list and the title of every song stored on your device -- without proper warning in the privacy policy you agree to when starting up the app. We spoke with co-founder John Wynn, product marketing head TJ Leonard and communications manager Erin Keleher, who gave us a full and frank discussion about what's going on and the steps it's taking to remedy the situation, which we've got for you after the break.
Carrier IQ VP says software poses no threat to user privacy, backs up his argument with metaphor
The final chapter of the Carrier IQ saga has yet to be written, but at this juncture, even the rosiest of rose-tinted observers would be hard pressed to find a silver lining. The specter of federal investigation looms larger by the day. Implicated carriers and manufacturers are washing their hands with Macbethian fury. Al Franken is on the verge of going Al Franken. And at the epicenter of all this sits Carrier IQ -- a California-based analytics company that has already gone to great lengths to defend its innocence. First, it sought to discredit Trevor Eckhart's ostensibly damning research with a cease-and-desist letter. Then, CEO Larry Lenhart flatly denied Eckhart's findings with an impassioned YouTube address. In recent days, the company has markedly softened its stance, arguing that its apps are only designed to meet operator demands and to "make your phones better." Now, Carrier IQ has elaborated upon these arguments with a more detailed breakdown of how its software functions, and a more substantive defense of its practices. Head past the break to read more.
WikiLeaks' Spy Files shed light on the corporate side of government surveillance
WikiLeaks' latest batch of documents hit the web this week, providing the world with a scarily thorough breakdown of a thoroughly scary industry -- government surveillance. The organization's trove, known as the Spy Files, includes a total of 287 files on surveillance products from 160 companies, as well as secret brochures and presentations that these firms use to market their technologies to government agencies. As Ars Technica reports, many of these products are designed to get around standard privacy guards installed in consumer devices, while some even act like malware. DigiTask, for example, is a German company that produces and markets software capable of circumventing a device's SSL encryption and transmitting all instant messages, emails and recorded web activity to clients (i.e., law enforcement agencies). This "remote forensic software" also sports keystroke logging capabilities, and can capture screenshots, as well. Included among DigiTask's other products is the WifiCatcher -- a portable device capable of culling data from users linked up to a public WiFi network. US-based SS8, Italy's Hacking Team and France's Vupen produce similar Trojan-like malware capable of documenting a phone or computer's "every use, movement, and even the sights and sounds of the room it is in," according to the publication. Speaking at City University in London yesterday, WikiLeaks founder Julian Assange said his organization decided to unleash the Spy Files as "a mass attack on the mass surveillance industry," adding that the technologies described could easily transform participating governments into a "totalitarian surveillance state." The documents, released on the heels of the Wall Street Journal's corroborative "Surveillance Catalog" report, were published alongside a preface from WikiLeaks, justifying its imperative to excavate such an "unregulated" industry. "Intelligence agencies, military forces, and police authorities are able to silently, and on mass, and [sic] secretly intercept calls and take over computers without the help or knowledge of the telecommunication providers," wrote Wikileaks in its report. "In the last ten years systems for indiscriminate, mass surveillance have become the norm." The organization says this initial document dump is only the first in a larger series of related files, scheduled for future release. You can comb through them for yourself, at the source link below.
Google announces 'opt-out' feature for wireless network owners, aims to allay privacy concerns
Google, as promised, responded to concerns over its data collection policy this morning, by announcing a new "opt-out" feature for its location based services. Under the new policy, WiFi operators can remove their home networks from Google's geolocation database by simply adding "_nomap" to the end of their access point's SSID. A network named "Engadget," for example, would be renamed "Engadget_nomap," and dutifully removed from the Google Location Server. In a blog post announcing the change, the company explained that this solution offers "the right balance of simplicity as well as protection against abuse," since it "helps protect against others opting out your access point without your permission." For more details, hit up the source link below, or check out Google's Help Center for more detailed instructions on how to opt out.
iSpy software can read texts and steal passwords with its little eye (video)
We spy, with our bleary eye, a new piece of software that could make it dramatically easier to steal personal data. The program, known as iSpy, allows devious voyeurs to remotely identify and read text typed on touchscreen displays. That, in and of itself, isn't exactly new, but iSpy takes shoulder surfing to slightly terrifying new areas -- namely, those beyond the "shoulder." Developed by Jan-Michael Frahm and Fabian Monrose of the UNC-Chapel Hill, this program, like those before it, takes advantage of the magnified keys found on most touchscreens. All you'd have to do is point a camera at someone else's screen and iSpy will automatically record whatever he or she types by stabilizing the video footage and identifying the enlarged keys. If you're using a smartphone camera, you'll be able to eavesdrop from up to three meters away, but if you opt for a more heavy duty DSLR device, you could steal passwords from up to 60 meters away. The software can also recognize any words typed into a device, and, according to its architects, can identify letters with greater than 90 percent accuracy. When used with a DSLR camera, iSpy can even pick up on reflections of touchscreens in sunglasses or window panes from up to 12 meters away. To avoid this, Frahm and Monrose recommend disabling the magnified key function on your smartphone, or using some sort of screen shield. We recommend checking out a video of the program, after the break.
Device Analyzer Android study wants to track your every move, if you'll let it
And here we thought folks were concerned about protecting their personal data. As it turns out, however, a surprising chunk of Android users have volunteered to give a group of University of Cambridge researchers a look at exactly how they use their cellphones. By downloading the Device Analyzer app from the Android market, more than 1,000 participants have allowed the data collection program to harvest statistics in the background while they use their phones. Those statistics -- varying from when the power is switched on, to which apps are in use -- are then made available to users via the Device Analyzer website. Of course, this is Cambridge, a rather well respected institution of higher learning, and the researchers involved say the data collected is stripped of personal information "as best as possible," but we're not keen on anyone peeping our cell stats. If you're an Android exhibitionist, however, you can sign up for the study at the source link below.
Google's wardriving days are over, says Canadian privacy commissioner
When Google's Street View cars glide through your neighborhood next, you can leave the WPA2 encryption off -- Canada says that the company has "discontinued" the practice of snooping on unsecured WiFi networks with its mapping vehicles, and "has no plans to resume it." That's one of several findings in a report by Canada's privacy commissioner today, which also claims that the controversial data collection feature was the work of a single Google engineer, and that Google intends to use smartphones to pinpoint WiFi networks from now on. Naturally, the latter caused the commissioner concern that Android phones might capture the same data as the cars. Perhaps you'd best keep those shields up after all.
Street View cars mistakenly nabs personal data over open WiFi networks, says Google
Let this be a very strong reminder to password-protect your WiFi networks... but first, some backstory. In 2006, a Google engineer "working on an experimental WiFi project" wrote a piece of code for collecting "all categories of public broadcast WiFi data" -- basically, all information (known as "payload") downloaded and uploaded from an open / non-password protected network. That code -- by mistake, as VP of Engineering and Research Alan Eustace says -- wound up a year later into the software Google's Street View cars used to collect location-based data. Eustace addressed the situation in an official blog post today -- the revelation of the payload data reportedly discovered after an audit requested by Hamburg, Germany's data protection authority (DPA). The original intention, he said, was to obtain only SSID information and MAC addresses, but that just wasn't the case. Offering an open apology, he reassured that this affected only open networks and, given the cars being "constantly on the move," only fragments of data were collected -- fragments that he says were never looked at or even noticed until the audit. Plans are currently in action to remove the extraneous info -- "we want to delete this data as soon as possible, and are currently reaching out to regulators in the relevant countries about how to quickly dispose of it." Additionally, all affected Street View cars have been grounded, so that great idea you had about dressing up as a Power Ranger and getting yourself a spot in Google Maps coordinates? Looks like that loss of privacy might've afforded you some extra time to paint the helmet.
