Thread: Electronic Privacy Information Center

  1. #1

    Electronic Privacy Information Center

    EPIC - Electronic Privacy Information Center

    Google Changes Privacy Practices, Consolidates User Data

    Google announced that it would begin combining data gathered on users of over 60 Google products and services, including Gmail, Google+, Youtube, and the Android mobile operating system. Previously, users could use one Google service, such as Google+, without having their information combined with that gathered from other services, such as Youtube. Users cannot opt out of having their data combined unless they avoid signing into their user accounts or stop using Google’s services altogether. Google’s changes come after the company began surfacing personal information from Google+ in Google search results, a move that EPIC said raised privacy and antitrust issues. In 2010, EPIC, along with other privacy groups, wrote a letter to Google over the company's decision to combine user data among 12 Google services. Google is subject to a settlement with the Federal Trade Commission that establishes new privacy safeguards for users of all Google products and services and subjects the company to regular privacy audits. For more information, see EPIC: Federal Trade Commission and EPIC: Google Search.

  2. #2

    Re: Electronic Privacy Information Center

    FTC Report Raises Privacy Questions About Mobile Applications for Children

    EPIC - Electronic Privacy Information Center



    WASHINGTON, Feb. 16, 2012 /PRNewswire via COMTEX/ -- Says Mobile Apps Offer Opportunities But Lack Information on Data Being Collected

    The Federal Trade Commission today issued a staff report showing the results of a survey of mobile apps for children. The survey shows that neither the app stores nor the app developers provide the information parents need to determine what data is being collected from their children, how it is being shared, or who will have access to it.

    "At the FTC, one of our highest priorities is protecting children's privacy, and parents deserve the tools to help them do that," said FTC Chairman Jon Leibowitz. "Companies that operate in the mobile marketplace provide great benefits, but they must step up to the plate and provide easily accessible, basic information, so that parents can make informed decisions about the apps their kids use. Right now, it is almost impossible to figure out which apps collect data and what they do with it. The kids app ecosystem needs to wake up, and we want to work collaboratively with industry to help ensure parents have the information they need." According to the FTC report, Mobile Apps for Kids: Current Privacy Disclosures are Disappointing, in 2008, smartphone users could choose from about 600 available apps. Today there are more than 500,000 apps in the Apple App Store and 380,000 in the Android Market. "Consumers have downloaded these apps more than 28 billion times, and young children and teens are increasingly embracing smartphone technology for entertainment and educational purposes." The report says the survey focused on the largest stores, the Apple App Store and the Android Market, and evaluated the types of apps offered to children, the disclosures provided to users, interactive features such as connectivity with social media, and the ratings and parental controls offered for such apps.

    The report notes that mobile apps can capture a broad range of user information from a mobile device automatically, including the user's precise geolocation, phone number, list of contacts, call logs, unique identifiers, and other information stored on the device. At the same time, "the report highlights the lack of information available to parents prior to downloading mobile apps for their children, and calls on industry to provide greater transparency about their data practices." While there was a diverse pool of kids apps created by hundreds of different developers, there was almost no information about the data collection and sharing on the Apple App store promotion pages and little information beyond general permission statements on the Android Market promotion pages. "In most instances, staff was unable to determine from the information on the app store page or the developer's landing page whether an app collected any data, let alone the type of data collected, the purpose for such collection, and who ... obtained access to such data." The report recommends: All members of the "kids app ecosystem" - the stores, developers and third parties providing services - should play an active role in providing key information to parents.

    App developers should provide data practices information in simple and short disclosures. They also should disclose whether the app connects with social media, and whether it contains ads. Third parties that collect data also should disclose their privacy practices.

    App stores also should take responsibility for ensuring that parents have basic information. "As gatekeepers of the app marketplace, the app stores should do more." The report notes that the stores provide architecture for sharing pricing and category data, and should be able to provide a way for developers to provide information about their data collection and sharing practices.

    The report notes that more should be done to identify the best way to convey data practices in plain language and in easily accessible ways on the small screens of mobile devices. The agency will host a public workshop in 2012, in connection with its efforts to update the FTC's "Dot Com Disclosure" guide, about how to provide effective online disclosures. "One of the topics that will be addressed is mobile privacy disclosures, including how they can be short, effective, and accessible to consumers on small screens." The FTC enforces the Children's Online Privacy Protection Rule. The Rule requires operators of online services, including interactive mobile apps, to provide notice and get parental consent prior to collecting information from children under 13. The report says in the next 6 months, FTC staff will conduct an additional review to determine whether some mobile apps were violating COPPA.

    The Federal Trade Commission works for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them. To file a complaint in English or Spanish, visit the FTC's online Complaint Assistant or call 1-877-FTC-HELP (1-877-382-4357). The FTC enters complaints into Consumer Sentinel, a secure, online database available to more than 2,000 civil and criminal law enforcement agencies in the U.S. and abroad. The FTC's website provides free information on a variety of consumer topics. Like the FTC on Facebook and follow us on Twitter.

    SOURCE Federal Trade Commission

  3. #3

    Re: Electronic Privacy Information Center

    Smartphone apps dial up privacy worries - latimes.com

    Your address book is mine: Many iPhone apps take your data | VentureBeat

    Smartphone apps dial up privacy worries
    Undisclosed gathering of smartphone users' address book data by Twitter and other social networking companies brings heightened scrutiny by privacy advocates and lawmakers.

    An attendee looks over an Android smartphone during the 2012 International Consumer Electronics Show in Las Vegas in January. Twitter acknowledged this week that anyone who used its “Find Friends” feature on iPhones and Android phones was also sending every phone number and email address in his or her address book to the company, something that was not made clear to users. (Daniel Acker, Bloomberg / January 12, 2012)

    By David Sarno, Los Angeles Times

    February 16, 2012

    A new furor has erupted over digital privacy concerns following disclosures that Twitter Inc. and other social networking companies are reaching into people's smartphones and retrieving their personal contact information without getting explicit permission.

    Twitter acknowledged this week that anyone who used its "Find Friends" feature on iPhones and Android phones was also sending every phone number and email address in his or her address book to the company, something that was not made clear to users.

    The San Francisco company said it would clarify that policy, but its actions triggered fresh concerns from privacy advocates and lawmakers over what they said was an unconscionable intrusion into personal information.

    "People care about their privacy, and they should be told when their information is being collected and given some choice in the matter," Rep. Henry A. Waxman (D-Beverly Hills) said in an interview Wednesday.

    The latest privacy concerns emerged as online services dig deeper into users' habits, including where they go, which websites they visit and what they read and watch online. Analysts say these firms are now building large databases of personal contact information that can help them expand the reach of their services — and eventually leverage that private information into advertising dollars.

    The mining of personal contacts lists came to light last week after an iPhone developer in Singapore discovered that an iPhone app called Path was downloading iPhone users' entire address book without alerting them. After the developer, Arun Thampi, posted his finding on his blog, Path quickly issued an apology and said it would stop the practice.

    In the wake of Path's apology, other popular social media app companies acknowledged that they too retrieved users' address books. Social networking services Twitter, FourSquare, Instagram and FoodSpotting all said they would update their services soon to make the process clearer to users.

    Twitter said Wednesday that it plans to update its apps to clarify that user contacts are being transmitted and stored.

    "We want to be clear and transparent in our communications with users," Twitter spokesperson Carolyn Penner wrote in an email to The Times.

    The company declined to say whether it would reach out directly to existing users to alert them that the company may have downloaded their address books.

    Though Waxman cited Twitter and other social networking services, he directed his concerns to Apple Inc., which approves all applications that are used on its iPhones. Apple has said it forbids apps from gathering personal information without permission.

    In a letter to Apple, Waxman and Rep. G.K. Butterfield (D-N.C.), ranking members of the House Energy and Commerce Committee, asked Apple if its "policies and practices may fall short when it comes to protecting the information of iPhone users and their contacts."

    Apple acknowledged that apps that gather address book information without permission are "in violation of our guidelines," and said that in a future software release it would require apps to get users' permission before they accessed contact data.

    But some privacy researchers said Apple has long exercised rigorous control over the apps it makes available to its iPhone users and was unlikely to have been ignorant of the practice.

    Apple has "basically left the barn open, and people are surprised that companies have run into the barn and stolen everything," said Chris Soghoian, a privacy researcher and former technologist at the Federal Trade Commission's division of privacy and identity protection.

    Indeed, Path creator Dave Morin, while agreeing to provide better disclosure, responded to criticism by saying that collecting user address book data was an "industry best practice."

    The tapping of contact lists is just the latest controversy to ensnare social networking companies and smartphone makers.

    Last April, researchers discovered that the iPhone kept a detailed log of its precise whereabouts, storing up to a year's worth of user location data. Saying bugs were causing the device to store too much information, Apple modified the software to store only a week's worth of locations, which it said helped the phone find local cellular towers more easily.

    And in December, an amateur security analyst discovered that a little-known company called Carrier IQ Inc. had the ability to log huge amounts of data from smartphones of AT&T, T-Mobile and Sprint users, including every key they pressed and the content of text messages. The company said that although that data was technically available to it, it did not use it.

    Privacy analysts say the value of user behavior data is difficult for technology companies to ignore, and in the absence of clearly drawn laws protecting users' data privacy, firms often err on the side of collecting as much information as they can.

    "App developers are like, this data is there; I'm going to use it until someone tells me otherwise," said Ashkan Soltani, an independent privacy analyst. "People are going to continue to push the boundaries, especially as long as these boundaries are blurry."

    david.sarno@latimes.com

  4. #4

    Re: Electronic Privacy Information Center

    Google Under Fire For Circumventing Safari Privacy Setting | TechCrunch

    Google's tracking of Safari users could lead to FTC investigation - U.S. Federal Trade Commission, security, Regulation, Rachel Whetstone, privacy, legal, Justin Brookman, Jonathan Mayer, John Simpson, Jeffrey Chester, government, Google, Consume

    Google Under Fire For Circumventing Safari Privacy Setting
    Devin Coldewey

    It’s a tense time for Google: controversial policy and user-experience changes are combining with a growing distrust of tracking and advertising to produce something of a toxic atmosphere. Not the moment, then, you would want a minor scandal to erupt in the form of Google circumventing, intentionally or unintentionally, the privacy settings of millions of Safari users.

    The allegations have their source in a report by Stanford grad student Jonathan Mayer, who showed that using Safari triggered a special behavior in the normal cookie-creation process; his report was later played up by the Wall Street Journal. This behavior deliberately goes around the default Safari behavior of blocking all third-party cookies — like one from Google when you’re visiting TechCrunch.

    Google says it’s a side-effect from something else, but even if that’s true, it’s still ugly.

    The gist of the exploit is this: normally, a plain HTTP request to put a cookie on a machine running Safari would be acknowledged, vetted, and either accepted (for something like Amazon tracking your position on the site), or rejected (for something like DoubleClick meta-cookies). Google’s (DoubleClick’s, technically, but ultimately it’s Google’s) special cookie dispenser, however, would detect that Safari was being used, and “fill out” a form element on the client side, sending that out instead of a plain request.

    It’s a documented feature, this form request for cookies, not some crazy illicit web stunt. Other online advertising companies do it as well, but that’s not really an endorsement. But the way it’s set up is fundamentally shady: using javascript to fill out an invisible form with the information that would normally be sent by other means, but isn’t — because the user has chosen not to. It sidesteps the Safari preferences neatly, by means of a loophole in the cookie-submission process.

    Interestingly, that loophole was closed seven months ago in Webkit — by Google. One can view this cynically or generously. Cynically, it could be suggested that Google closed the hole but decided to exploit it in order to track Safari browsers — not the biggest piece of the desktop pie, but huge since it’s the default browser on iOS (also vulnerable). Generously, it could be said that Google fixed the problem and designed around a standard they helped achieve, and this tracking is in fact a side effect.

    That’s something like what Google has actually said. In a statement, they say that last year they implemented some things to make sure +1 buttons (which of course are a form of third-party tracking, like most share elements) worked in Safari. They rigged a way to determine, on the level, whether a user had opted in or out to Google-related tracking, and if so, whether they were logged in. Fairly standard. But then:

    However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers.

    Whether they are using the phrase “contained functionality” ironically isn’t clear. After all, they’re describing a security vulnerability they sewed up back in the day. Apple, for their part, has only said that they will be working to “put a stop to it.” Whether that means they’ll be adopting the same Webkit changes Google did isn’t clear.

    It’s a bit much to swallow that Google designed functionality specifically for the browser and failed to notice this particular quirk. And the huge numbers of Safari browsers reporting data to Doubleclick should have been a red flag as well.

    What matters in the end, though, is that a Google product violated the expressed privacy preferences of millions of users. Whether it was a mistake, an outdated browser on the user’s side, and whether the data was effectively anonymized — people won’t care about this. This is a big stumble when Google needed to be treading lightly. A little perspective and investigation might make this violation more or less serious, but the damage is done. Google is going to have to take some big steps to repair their image after the beating it’s taken over the last few months.

    Here’s Google’s full statement on the matter:

    The Journal mischaracterizes what happened and why. We used known Safari functionality to provide features that signed-in Google users had enabled. It’s important to stress that these advertising cookies do not collect personal information.

    Unlike other major browsers, Apple’s Safari browser blocks third-party cookies by default. However, Safari enables many web features for its users that rely on third parties and third-party cookies, such as “Like” buttons. Last year, we began using this functionality to enable features for signed-in Google users on Safari who had opted to see personalized ads and other content–such as the ability to “+1” things that interest them.

    To enable these features, we created a temporary communication link between Safari browsers and Google’s servers, so that we could ascertain whether Safari users were also signed into Google, and had opted for this type of personalization. But we designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous–effectively creating a barrier between their personal information and the web content they browse.

    However, the Safari browser contained functionality that then enabled other Google advertising cookies to be set on the browser. We didn’t anticipate that this would happen, and we have now started removing these advertising cookies from Safari browsers. It’s important to stress that, just as on other browsers, these advertising cookies do not collect personal information.

    Users of Internet Explorer, Firefox and Chrome were not affected. Nor were users of any browser (including Safari) who have opted out of our interest-based advertising program using Google’s Ads Preferences Manager.

  5. #5

    Re: Electronic Privacy Information Center

    Cyber-security expert finds new flaw in smartphones

    By KEN DILANIAN - Los Angeles Times

    WASHINGTON -- Just as U.S. companies are coming to grips with threats to their computer networks emanating from cyber-spies based in China, a noted expert is highlighting what he says is an even more pernicious vulnerability in smartphones.

    Dmitri Alperovitch, the former McAfee Inc. cyber security researcher best known for identifying a widespread China-based cyber-espionage operation dubbed Shady Rat, has used a previously unknown hole in smartphone browsers to plant China-based malware that can commandeer the device, record its calls, pinpoint its location and access user texts and emails. He conducted the experiment on a phone running Google Inc.'s Android operating system, although he says Apple Inc.'s iPhones are equally vulnerable.

    "It's a much more powerful attack vector than just getting into someone's computer," said Alperovitch, who just formed a new security company called CrowdStrike with former McAfee Chief Technology Officer George Kurtz.

    Alperovitch, who has consulted with the U.S. intelligence community, is scheduled to demonstrate his findings Feb. 29 at the RSA conference in San Francisco, an annual cyber-security gathering. The Shady Rat attack he disclosed last year targeted 72 government and corporate entities for as long as five years, siphoning unknown volumes of confidential material to a server in China.

    Alperovitch said he and his team commandeered an existing piece of malware called Nickispy, a remote access tool from China that was identified last year by anti-virus firms as a so-called Trojan horse. The malware was disguised as a Google+ app that users could download. But Google quickly removed it from its Android Market app store, which meant that few users were hit.

    Alperovitch and his team reverse-engineered the malware, he said, and took control of it. He then conducted an experiment in which malware was delivered through a classic "spear phishing" attack - in this case, a text message from what looks like a mobile phone carrier, asking the user to click on a link. Alperovitch said he exploited what's known as a zero-day vulnerability in smartphone browsers to secretly install the malware. Zero-day vulnerabilities are ones that are not yet known by the manufacturers and anti-virus companies.

    "The minute you go the site, it will download a real-life Chinese remote access tool to your phone," he said. "The user will not see anything. Once the app is installed, we'll be intercepting voice calls. The microphone activates the moment you start dialing."

    The malware also intercepts texts and emails and tracks the phone's location, he said. In theory, it could be used to infiltrate a corporate network with which the phone connects.

    There is no security software that would thwart it, he said.

    As smartphone use has exploded, malware has not been as much of a problem as it has with laptops and desktops, Alperovitch said, because most people download applications through app stores that are regulated by Google and Apple. If cyber-thieves and spies figure out a way to get malware on the devices by bypassing the app store - as Alperovitch says he has demonstrated - it could cause huge problems.

    "This really showcases that the current security model for smartphones is inadequate," he said.

    Earlier this month, the top U.S. intelligence official, James Clapper, accused China and Russia of engaging in "wholesale plunder of our intellectual property" through cyber-attacks. Both countries deny a state-sponsored policy of cyber-espionage. The U.S. says it doesn't steal trade secrets or intellectual property. Western business executives who travel to China these days frequently take extraordinary computer security precautions, including ensuring that any device they bring to China is never again connected to their corporate networks.

    Last year, anti-virus firm Trend Micro Inc. found a Chinese website that charged $300 to $540 to customers who wanted to spy on smartphones that ran Symbian or Windows Mobile operating systems. The website offered to send Nickispy as an attachment to a multimedia message.

    Read more here: Cyber security expert finds new flaw in smartphones - latimes.com

  6. #6

    Re: Electronic Privacy Information Center

    EPIC Files Suit for FBI "Sting Ray" Cell Phone Tracking Documents

    EPIC has filed a FOIA lawsuit against the FBI for documents related to the Government's use of cell phone tracking technology, known as "Sting Ray." For more than 15 years the FBI has used cell-site simulator technology to track the location of cell phones and other communications devices. Cell-site simulators act like fake cell towers and can be used to monitor and track cell phone users even when the device is not in use. The technique also tracks all individuals in a region, regardless of whether they are the suspect in an investigation. Government attorneys have recently fought against the discovery of documents related to the use of these devices. In February 2012, EPIC filed a Freedom of Information Act request with the FBI, but so far the agency has not responded or disclosed any documents as required by law. EPIC has recently filed amicus curiae briefs in Supreme Court and Federal Court cases related to Government location tracking. For more information see: EPIC: Locational Privacy, EPIC: US v. Jones and EPIC: In re US Application for Historic Cell-Site Location Information.

  7. #7

    Re: Electronic Privacy Information Center

    HTTPS Everywhere

    HTTPS Everywhere is a Firefox and Chrome extension that encrypts your communications with many major websites,
    making your browsing more secure. Encrypt the web: Install HTTPS Everywhere today.

    https://www.eff.org/https-everywhere

    Hiren’s BootCD

    All Versions | HBCD Fan & Discussion Platform
    Last edited by airdog07; May 11th, 2013 at 06:15 AM.
