Showing posts with label collection of data. Show all posts
Showing posts with label collection of data. Show all posts

Thursday, September 29, 2016

Apple Tracks Chatting using iMessage & Shares Data with Police


Doing conversations with your friend on iMessage and thinking that they are safe and out of reach from anyone else other than you and your friend? No, it's not.


End-to-end encryption doesn't mean that your iMessages are secure enough to hide your trace because Apple not only stores a lot of information about your iMessages that could reveal your contacts and location, but even share that information with law enforcement via court orders.


According to a new document obtained by The Intercept, Apple records a log of which phone numbers you typed into their iPhone for a message conversation, along with the date and time when you entered those numbers as well as your IP address, which could be used to identify your location.

Actually, every time a user type a phone number into their iPhone for a message conversation, iMessage contacts Apple servers to find out whether to route a given message over the iMessage system.

"Apple records each query in which your phone calls home to see who's in the iMessage system and who's not," The Intercept reports.

Moreover, the company is compelled to turn over this information to law enforcement with a valid court order — generally "pen registers" or "tap and trace devices" warrants that are very easy to obtain.


Pen register warrants are routinely being used to compel telephone companies to provide metadata about customers' phone calls to law enforcement.


Apple Logs Your IP Address (Location)


But it’s surprising that Apple, which has positioned itself as a staunch defender of its user privacy by refusing the federal officials to provide encryption backdoors into its products, hands over its users' information on iMessage contacts under such warrants.


The report also points out that keeping logs of users IP address that could be used to reveal one’s actual location is contrary to Apple's 2013 claim that the company "do not store data related to customers' location."


The Intercept obtained the document, titled 'iMessage FAQ for Law Enforcement,' about Apple's iMessage logs as part of a much larger cache originating from within a state police agency, "The Florida Department of Law Enforcement's Electronic Surveillance Support Team."

The team facilitates mass data collection for law enforcement using controversial tools such as Stingrays, along with the help of conventional techniques like pen registers and tap and trace devices warrants.


Although your iMessages are end-to-end encrypted, it doesn’t mean that all Apple users are enjoying the company's so-called privacy benefit.


If you have enabled iCloud Backup on your Apple devices to keep a backup of your data, the copies of all your messages, photographs and every important data stored on your device, are encrypted on iCloud using a key controlled by Apple, and not you.


So, Apple can still read your end-to-end encrypted iMessages, if it wants.


Even if you trust the company that it won't provide your decrypted data to law enforcement (just don't forget San Bernardino case in which Apple helped the FBI with the iCloud backup of the Shooter's iPhone), anyone who breaks into your iCloud account could see your personal and confidential data.


Apple deliberately Weakens Backup Encryption


Fortunately, it is possible to store your backups locally through iTunes, though it is not such an obvious choice for an average user.


What's even worse is that a recent issue in the local password-protected iTunes backups affects the encryption strength for backups of devices on iOS 10, allowing attackers to brute-force the password for a user's local backup 2,500 faster than was possible on iOS 9.


Apple has already confirmed that the issue exists and that a fix would be included in an upcoming update.


However, in response to the latest report about iMessage logs, Apple provided the following statement:


"When law enforcement presents us with a valid subpoena or court order, we provide the requested information if it is in our possession. Because iMessage is encrypted end-to-end, we do not have access to the contents of those communications. In some cases, we are able to provide data from server logs that are generated from customers accessing certain apps on their devices. We work closely with law enforcement to help them understand what we can provide and make clear these query logs don’t contain the contents of conversations or prove that any communication actually took place."


The Florida Department of Law Enforcement still has to comment on the matter.

Friday, August 26, 2016

WhatsApp to share User data with Facebook - 30 Days Left to stop it



Nothing comes for Free, as "Free" is just a relative term used by companies to develop a strong user base and then use it for their own benefits.


The same has been done by the secure messaging app WhatsApp, which has now made it crystal clearthat the popular messaging service will begin sharing its users’ data with its parent company, Facebook.


However, WhatsApp is offering a partial opt-out for Facebook targeted ads and product related purposes, which I will let you know later in this article, but completely opting out of the data-sharing does not seem to be possible.


Let's know what the company has decided to do with your data.
Of course, Facebook is willing to use your data to sell more targeted advertisements.




WhatsApp introduced some significant changes to its privacy policy and T&Cs today which, if accepted once, gives it permission to connect users' Facebook accounts to WhatsApp accounts for the first time, giving Facebook more data about users for delivering more relevant ads on the social network.


The messaging service will also begin pushing users to share some of their account details, including phone numbers, with Facebook, allowing the social network to suggest phone contacts as friends.


When Facebook acquired WhatsApp for $19 Billion in 2014, users were worried about the company's commitment to protecting its users' privacy. But, WhatsApp reassured them that their privacy would not be compromised in any way.

"Respect for your privacy is coded into our DNA, and we built WhatsApp around the goal of knowing as little about you as possible," said WhatsApp co-founder Jan Koum in a blog post published at that time.

Now the WhatsApp users are feeling betrayed by the company's latest move.


However, you need not to worry about the contents of your WhatsApp messages, like words and images, as they are end-to-end encrypted, meaning that even the company cannot read them.


Ultimately, the two companies will be sharing, what they called, a limited amount of user data, which includes phone numbers and other information about users.



No Option to Completely Opt-Out of Data Sharing


If you think WhatsApp is more privacy conscious than Facebook’s Messenger, it is not anymore.


WhatsApp is offering a solution partially to opt out the data sharing, specifically for Facebook ad targeting and product-related purposes.


However, the company notes that data will still be shared "for other purposes such as improving infrastructure and delivery systems, understanding how our services or theirs are used, securing systems, and fighting spam, abuse, or infringement activities."


So, those who are thinking to opt out of the data-sharing entirely: There's no possible way to opt totally out.


Though one short solution is to stop using WhatsApp.



Here's How to opt -out of sharing data for Facebook ad-targeting purpose:


The company has outlined two ways to opt out of the exchange of information with Facebook on its blog.


One way is for those users who have not yet agreed to the new terms of service and privacy policy, so before agreeing to the new terms, follow these simple steps:


  • When prompted to accept the updated T&Cs, tap Read to expand the full text.
  • A checkbox option at the bottom of the policy for sharing your data on Facebook will appear.
  • Untick this option before hitting Agree. This will let you opt out of the data-sharing.

The second option is for those who have already accepted the new T&Cs without unchecking the box to share their information with Facebook.


WhatsApp is also offering a thirty-day window for users to make the same choice via the settings page in the app. To exercise your opt-out in this scenario you need to follow these steps:


  • Go to Settings → Account → Share my account info in the WhatsApp app
  • Uncheck the box displayed there within 30 days, as after that this partial opt-out window will expire.
However, WhatsApp states Facebook will still receive your data in some situations.

After introducing end-to-end encryption, WhatsApp has become one of the most popular secure messaging apps, but this sudden shift in its privacy policy may force some users to switch to other secure apps like Telegram and Signal.

Whatsapp to Share User Data with Facebook for ad Targeting


Its now official. WhatsApp just stated that they’re sharing user data with Facebook.
In a blogpost updated moments ago, Whatsapp noted:
And by connecting your phone number with Facebook‘s systems, Facebook can offer better friend suggestions and show you more relevant ads if you have an account with them.
In addition to this, Whatsapp has said that it won’t share Whatsapp conversations or content of messages with anyone. That’s something not everyone is going to trust, especially when you consider Facebook’s new ball game.
Let’s not forget that Facebook had bought Whatsapp for a whooping 19 billion dollars. Clearly they didn’t invest this amount of money for a service that doesn’t even generate more than 1$ per customer per year, or in some cases not even a single penny for a lifetime.

What Does This Mean For Us?

Whatsapp had more than a billion active users as of February 2016, which means one in every seven individuals on earth has a Whatsapp account. Resultantly, Facebook — through this acquisition — will have access to major part of communication that we do, and just if you don’t know: more information means more money.
What’s more alarming for some customers would be the fact that Whatsapp could also give access to your communication to governments world over, especially the notorious NSA.
While its still early to say more on how this shared data is going to impact our lives, given the track record, we can predict that its not going to be very beautiful.

Tuesday, July 26, 2016

FRANCE Warns Microsoft to stop collecting Windows 10 users Personal data



We have heard a lot about privacy concerns surrounding Windows 10 and accusations on Microsoft ofcollecting too much data about users without their consent.


Now, the French data protection authority has ordered Microsoft to stop it.


France's National Data Protection Commission (CNIL) issued a formal notice on Wednesday, asking Microsoft to "stop collecting excessive data" as well as "tracking browsing by users without their consent."


The CNIL, Commission Nationale de l’Informatique et des Libertés, ordered Microsoft to comply with the French Data Protection Act within 3 months, and if fails, the commission will issue a sanction against the company.


Moreover, the CNIL notified Microsoft that the company must also take "satisfactory measures to ensure the security and confidentiality" of its users' personal data.


The notice comes after a series of investigations between April and June 2016 by French authorities, revealing that Microsoft was still transferring data to the United States under the "Safe Harbor" agreement that a European Court court invalidated in October last year.



Allegations on Windows 10


The CNIL's list of complaints about Windows 10 does not end there, as it goes on to read:




  • Microsoft is collecting data on "Windows app and Windows Store usage data," along with monitoring apps its user's download and time spent on each app, which according to the CNIL, is irrelevant and "excessive" data collection.
  • Microsoft is also criticized for its lack of security, since there is no limit set on the number of guesses for entering the four-digit PIN used to protect your Microsoft account.
  • After Windows 10 installation, Microsoft also activates a user's advertising ID by default, which enables Windows apps as well as other third-party apps to monitor user browsing history and to offer targeted ads "without obtaining users' consent."
  • Windows 10 does not give you any option to block cookies.
  • And as I mentioned above, Microsoft is transferring its users' personal data to the United States under the "Safe Harbor" agreement.
 In a statement, the CNIL said: "It has been decided to make the formal notice public due to, among other reasons, the seriousness of the breaches and the number of individuals concerned (more than ten million Windows users on French territory)."

Microsoft Response on the CNIL Notice


Microsoft has responded to the notice, saying the company is happy to work with the CNIL to"understand the agency's concerns fully and to work toward solutions that it will find acceptable." 


What's more interesting is that Microsoft does not deny the allegations set against it and does nothing to defend Windows 10 excessive data collection, as well as fails to address the privacy concerns the CNIL raises.


However, the tech giant does address concerns about the transfer of its users' personal data to the U.S. under the "Safe Harbor" agreement, saying that "the Safe Harbor framework is no longer valid for transferring data from European Union to the United States."


The company says it still complies with the Safe Harbor agreement up until the adoption of Privacy Shield.


"Microsoft has in fact continued to live up to all of its commitments under the Safe Harbor Framework, even as the European and US representatives worked toward the new Privacy Shield," says Microsoft. "We're working now toward meeting the requirements of the Privacy Shield."

Windows 10 Privacy concerns seem to be a never ending topic. Over the last year, Microsoft has annoyed users with a number of weird practices around Windows 10, including aggressive upgrades and transferring too much information about users back to Redmond.


Since there is the promise of a statement about privacy next week, let's see what happens next. You can read Microsoft's full statement, courtesy of David Heiner, vice president and deputy general counsel, on VentureBeat.

Monday, May 2, 2016

Microsoft to Store Data on DNA

data-storage-dna
INFO:

Do you know — 1 Gram of DNA Can Store 1,000,000,000 Terabyte of Data for 1000+ Years.


Microsoft has purchased 10 Million strands of synthetic DNA, called Oligonucleotides a.k.a. DNA molecules, from biology startup Twist and collaborated with researchers from University of Washington to explore the idea of using synthetic DNA to store huge amount of data.


Detailed:

Microsoft is planning to drastically change the future of data storage technology as we know it today.


The volume and rate of production of data being produced and stored every day are so fast that the servers and hard drives needing to be replaced periodically, potentially increasing the risk of corruption and data loss.


According to stats, 5.4 zettabytes (4.4 trillion gigabytes) of digital data, circulating and available worldwide, had been created by 2015, and it will boost to 54 zettabytes (ZB) by 2020.


How will the world suppose to store this 10 times amount of data in next four years?


For this, Microsoft has partnered with scientists at the University of Washington to focus on using DNA as a data storage medium, the companies announced on Wednesday.


Yes, Microsoft is planning to store data in DNA.

The data storage density of DNA is enormously higher than conventional storage systems, as just 1 gram of DNA can store close to 1 Billion Terabytes of data.


Besides this, DNA is also remarkably robust, which means the data stored in DNA can stay intact and readable for as long as 1,000 to 10,000 years.


According to Twist, all of the digital data that exists today could be stored in less than 20 grams of DNA.


Though the technology is long away from ready for commercial products (so you will not see a DNA-powered smartphone anytime soon), the initial tests done by the company last fall demonstrated 100 percent of digital data encoded on DNA could be recovered, Microsoft Research's Doug Carmean said in the press release.


Recently, the American Chemical Society said in a statement that storing data on DNA could last up to 2,000 years without deterioration.

Wednesday, April 20, 2016

Google Steps forward to Secure its Web Store

Intro:
Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data.

But, now Google has updated its browser’s User Data Policy requiring all Chrome extension and app developers to disclose what data they collect.

Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users

Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they?

The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users."

Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data.

Google’s new User Data Policy will now force app developers, who use the Chrome Web Store to distribute their products, to be more transparent about their data collection practices.

In other words, the company wants its Chrome users to know what's happening when they use third-party apps and services that rely on its browser.

According to Google, "Protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled."

Here's the list of new requirements for developers:


  • Be transparent about the handling of user's data and disclose privacy practices.
  • Post a privacy policy as well as use encryption for handling personal or sensitive information of users.
  • Ask users to consent to the collection of their personal or sensitive data via a prominent disclosure, when the use of the data is not related to a prominent feature.

Besides this, developers are also restricted from collecting user's Web browsing activity that is not at all required for their app's main functionality.

Google has already started notifying app developers about the change in its privacy policy and is giving them 3 months from now to comply.

From July 15, 2016, any app or extension that violates any of the requirements mentioned above will be discarded from the Chrome Web Store. So the only way to be restored will be to comply with the new policies.