Wednesday, April 20, 2016

Google Steps forward to Secure its Web Store

Intro:
Chrome apps and extensions make things easier, but they can also do terrible things like spy on web users and collect their personal data.

But, now Google has updated its browser’s User Data Policy requiring all Chrome extension and app developers to disclose what data they collect.

Furthermore, developers are prohibited from collecting unnecessary browsing data and must also use encryption when handling sensitive information from users

Around 40 percent of all Google Chrome users have some kind of browser extensions, plugins or add-ons installed, but how safe are they?

The company plans to enforce developers starting this summer, to "ensure transparent use of the data in a way that is consistent with the wishes and expectations of users."

Google is making its Chrome Web Store safer for its users by forcing developers to disclose how they handle customers' data.

Google’s new User Data Policy will now force app developers, who use the Chrome Web Store to distribute their products, to be more transparent about their data collection practices.

In other words, the company wants its Chrome users to know what's happening when they use third-party apps and services that rely on its browser.

According to Google, "Protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled."

Here's the list of new requirements for developers:


  • Be transparent about the handling of user's data and disclose privacy practices.
  • Post a privacy policy as well as use encryption for handling personal or sensitive information of users.
  • Ask users to consent to the collection of their personal or sensitive data via a prominent disclosure, when the use of the data is not related to a prominent feature.

Besides this, developers are also restricted from collecting user's Web browsing activity that is not at all required for their app's main functionality.

Google has already started notifying app developers about the change in its privacy policy and is giving them 3 months from now to comply.

From July 15, 2016, any app or extension that violates any of the requirements mentioned above will be discarded from the Chrome Web Store. So the only way to be restored will be to comply with the new policies.

Viber added End-to-End Encryption & PIN Protected Hidden Chats Features in Update



Viber, the popular mobile messaging app announced Tuesday that it has added full end-to-end encryption for video, voice and text message services for its millions of users.


Here, the end-to-end encryption means only you and the person you are communicating with can read the content, and nobody in between, not even the company and if court orders company to provide user data, they will get only the heaps of encrypted data.


Viber is the latest messaging platform to join WhatsAppTelegram, and Apple iMessage, who strengthened their default privacy features in recent times.


Founded in 2010 and acquired by Japanese e-commerce titan Rakuten for $900 Million in 2014, Viber is currently being used by more than 700 Million users globally across Android, iOS, Windows Phone, and desktop, the company claimed in a blog post published today.


The move comes just a couple of weeks after Facebook-owned Whatsapp messaging app implemented full end-to-end encryption by default for its one billion users.


Besides offering end-to-end encryption on all communication, the company will also provide a new PIN-protected hidden chat feature to help its users hide conversations from the main chat list, as well as Contact Authentication feature to verify contacts you're talking to.

All users need to update their app with the latest version of the company's software, Viber 6.0, take advantage of the features.Once installed, your Viber app will now show you a padlock in conversations to confirm that your one-to-one and group messages are end-to-end encrypted.

However, users will probably need to wait few weeks before everyone's app updates to add the new end-to-end encryption on Android and iOS.


In the wake of Apple’s months-long battle with the Federal Bureau of Investigation (FBI) over an iPhone used by a San Bernardino terrorist, it seems like end-to-end encryption has become a trend and you’ll continue to see this in more applications and services.

Hackers can SPY your Phone calls,texts,location & others just by knowing your Phone Number



The famous ‘60 Minutes’ television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through Los Angeles.

Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allows hackers to track phone locations, listen in on calls and text messages.

The global telecom network SS7 is still vulnerable to several security flaws that could let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks.

All one need is the target's phone number to track him/her anywhere on the planet and even eavesdrop on the conversations.

SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.


Hackers Spied on US Congressman's Smartphone


With US Congressman Ted Lieu's permission for a piece broadcast Sunday night by 60 Minutes, Karsten Nohl of German Security Research Labs was able to intercept his iPhone, record phone call made from his phone to a reporter, and track his precise location in real-time.

During the phone call about the cell phone network hacking, Lieu said: "First, it's really creepy, and second, it makes me angry."
"Last year, the President of the United States called me on my phone, and we discussed some issues," he added. "So if hackers were listening in, they'd know that phone conversation, and that is immensely troubling."
What's more awful is that the designing flaws in SS7 have been in circulation since 2014, when the same German researchers' team alerted the world to it. Some flaws were patched, but few apparently remain or intentionally left, as some observers argue, for governments to snoop on its targets.

The major problem with SS7 is that if any one of the telecom operators is hacked or employs a rogue admin, a large scale of information, including voice calls, text messages, billing information, relaying metadata and subscriber data, is wide open to interception.

The weakness affects all phones, whether it's iOS, Android, or whatever, and is a major security issue. Although the network operators are unwilling or unable to patch the hole, there is little the smartphone users can do.

How Can You Avoid this Hack?


The best mitigation is to use communication apps – that offers "end-to-end encryption" to encrypt your data before it leaves your smartphone – over your phone's standard calling feature.

Lieu, who sits on House subcommittees for information technology and national security, also argues for Strong Encryption that, according to the Federal Bureau of Investigation (FBI), make it harder to solve crimes.

Lieu strongly criticized the United States agencies, if any, that may have ignored such serious vulnerabilities that affect Billions of cellular customers.

"The people who knew about this flaw [or flaws] should be fired," Lieu said on the show. "You can't have 300-some Million Americans—and really, right, the global citizenry — be at risk of having their phone conversations intercepted with a known flaw, simply because some intelligence agencies might get some data."

Monday, April 18, 2016

Facebook just made VR selfie sticks a thing

Vrself
During the second day of Facebook's F8 conference, the company showed off the latest prototype demo of its ToyBox virtual reality software. But this one offered a huge twist: VR selfies.
In the middle of his keynote, Facebook CTO Mike Schroepfer donned an Oculus Rift headset and met another person in VR at a remote location. In the early version of this ToyBox demo, which we saw in October, it was a real-time virtual ping-pong match. But this time, after a bit of chit-chat, Schroepfer traveled with his friend to an immersive, 360-degree environment: London.
       

Once there, the remote user played tour guide, showing the Oculus wearer on stage around a static 360-degree photo of London. It was impressive in that it showed the possibilities inherent in VR tourism. Using such a system, along with the Oculus headsets, a local tour guide could give another person a full tour of a location without anyone ever hopping on a plane.
VR Selfie


IMAGE: FACEBOOK
But no tour is complete without a selfie, and that's when Facebook blew our minds. The remote user pulled out a VR selfie stick, which had a virtual mirror on its end, and put his VR head next to the VR head of the Schroepfer, allowing them to take a VR selfie together in London from the comfort of their own remote environments.
And after the VR selfie, Facebook showed how the user could post it to their Facebook page by dropping it into a VR "mailbox" and watching it get beamed into the sky (ending up on your timeline).
VR Selfie


IMAGE: FACEBOOK
Sure, the selfie doesn't show their actual faces, but rather odd, polygonal drawings of their respective faces, but the demonstration was astounding nonetheless. And it's likely just a matter of time before they'll manage to get real faces into such an environment — and that's when things will really get interesting. This demo was just a prototype, and it's not available, but still... wow.
In recent weeks, Oculus has stoked anger online due to difficulties with shipping the first-generation Oculus Rift. But today's demo may lead at least a few users to rethink their impatience with the company and take another look. VR selfies are just too cool to resist.

Facebook is testing a massive change to your news feed

Facebook
In a move that could be the biggest thing to happen to the Facebook news feed since it was introduced, it appears the social network is quietly testing a massive revamp that will add a lot more news to the feed.
As seen in screenshots that surfaced on Twitter on Friday morning, Facebook is experimenting with a new layout on mobile that highlights multiple news sections, with topics such as World & U.S., Sports and Food. However, the primary (and presumably default) section is still the classic news feed we're accustomed to seeing.
Facebook confirmed to Mashable that it's testing the new, sectioned news feed, in addition to the current format, though it's unclear if the feature will ever get an official launch.

While the feature being tested isn't entirely new — we've seen some versions of topic-focused feeds in the past on iOS — the format revealed in the latest Android-based screenshots haven't quite been seen before.
"People have told us they’d like options to see more stories on Facebook around specific topics they’re interested in," a Facebook spokesperson said via email. "So we have been testing a few feeds for people to view more and different stories from people and Pages based on topic areas."

IMAGE: MASHABLE/TOM CRITCHLOW
The sections appear at the bottom of the screen, accessible by tapping or swiping left or right. After tapping one of the sections, such as World & U.S. News, the news feed updates to news articles that are related to the topic.
In theory, this news reader-style approach takes users to all of the news they care about, housed in one massive hub. It would also certainly encourage users to get more news from Facebook rather than other sources like Twitter or Google News.

“There’s a lot more content now with multiple feeds, instead of one,” Tom Critchlow, a marketing consultant who posted images of the revamped feed to Twitter, told Mashable. “As for the news and sports feeds, they have posts from my friends too and it feels very much more like a news aggregator rather than a personal space.”
There's also a tool to edit which feeds you'd like to see — meaning if you weren't into Sports, you can remove it from the categories and include things like Music or Animals & Pets instead. Out of the gate, however, all topics are turned on by default, Critchlow said.

Critchlow, who saw the feature on his Moto X, says the article news feed also includes a prompt to add people he doesn’t know as Facebook friends.
“This feels like a huge departure from the traditional Facebook model,” he said. “There's no ‘two friends in common’ label or anything like that. Perhaps there's some intelligence behind the scenes but nothing immediately obvious.”
“I can't help but see a lot of Twitter ties here, such as turning the default feeds into places you go to get news with third-party content, while Facebook Groups, Instagram and Messenger places would be where you share personal content,” Critchlow said.
Lance Ulanoff contributed to this report.
Have something to add to this story? Share it in the comments.