Tech Letter

Straightforward Tech Reporting

iPhone 11 Pro shares location data even when the option has been turned off in iOS 13

Apple, a company that prides itself on customer privacy, seems to have been caught with it’s privacy pants down around it’s ankles. It’s collecting user location data when it’s preaching to it’s customers that it’s better than everyone else.

Security researcher Brian Krebs has discovered Apple’s current flagship, the iPhone 11 Pro, continues to share a location data even after the functionality was turned off in iOS 13.

Kerbs on Security »

One of the more curious behaviors of Apple’s new iPhone 11 Pro is that it intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data. Apple says this is by design, but that response seems at odds with the company’s own privacy policy.

Apple’s response to Kerbs »

“We do not see any actual security implications,” an Apple engineer wrote in a response to KrebsOnSecurity. “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings” [emphasis added].

Read Brian Krebs’ whole post »

More » The Mac Observer, SiliconAngle, The Next Web, Fast Company, CNET, TechSpot, The Inquirer

Larry Page and Sergey Brin are stepping back from their day-to-day roles as CEO and President of Alphabet and Google

They’ve come a long way from the early days of “Don’t be evil”

With Alphabet now well-established, and Google and the Other Bets operating effectively as independent companies, it’s the natural time to simplify our management structure. We’ve never been ones to hold on to management roles when we think there’s a better way to run the company. And Alphabet and Google no longer need two CEOs and a President. Going forward, Sundar will be the CEO of both Google and Alphabet. He will be the executive responsible and accountable for leading Google, and managing Alphabet’s investment in our portfolio of Other Bets. We are deeply committed to Google and Alphabet for the long term, and will remain actively involved as Board members, shareholders and co-founders. In addition, we plan to continue talking with Sundar regularly, especially on topics we’re passionate about!

Read » A letter from Larry and Sergey

More »

NYTimes » How Google’s Founders Slowly Stepped Away From Their Company

The Verge » The rise, disappearance, and retirement of Google co-founders Larry Page and Sergey Brin

ABC News, Seeking Alpha, CNet, Reuters, Axios, The Inquirer

What would social media look like if it served the public interest?

James Yang, writing in the Columbia Journalism Review »

Of the world’s top hundred websites, Wikipedia is the sole noncommercial site. If the contemporary internet is a city, Wikipedia is the lone public park; all the rest of our public spaces are shopping malls—open to the general public, but subject to the rules and logic of commerce.

Read the whole article at CJR »

Plex launches a free, ad-supported streaming service — featuring movies, TV shows, news — worldwide

What makes this announcement unique, Plex has structured its deals with studios and other copyrights holders to stream content to, reportedly, over 200 countries.

More » 9to5Mac, MacRumors, Android Authority, The Verge, iPhone in Canada Blog, Mobile Syrup, TechSpot, SlashGear

Twitter announced it is moving all accounts of users outside of the U.S. and the EU from Dublin, Ireland to the San Francisco where it will be subject to U.S. and California privacy and surveillance laws

Twitter also launched the Twitter Privacy Center in an effort to be more transparent, to offer »

more clarity around what we’re doing to protect the information people share with us.

Elizabeth Culliford, writing for Reuters »

The changes, which will take effect on Jan. 1, 2020, will comply with the California Consumer Privacy Act (CCPA).

The California law requires large businesses to give consumers more transparency and control over their personal information, such as allowing them to request that their data be deleted and to opt out of having their data sold to third parties.

[…]

Twitter also announced on Monday that it is moving the accounts of users outside of the United States and European Union which were previously contracted by Twitter International Company in Dublin, Ireland, to the San Francisco-based Twitter Inc.

The company said this move would allow it the flexibility to test different settings and controls with these users, such as additional opt-in or opt-out privacy preferences, that would likely be restricted by the General Data Protection Regulation (GDPR), Europe’s landmark digital privacy law.

Read the whole article on Reuters »

More » Twitter’s Blog Post, Security Week, TechCrunch, CNet, Engadget, Fast Company

Your video doorbell company allowed police access to video that monitors customers

The Amazon Ring doorbell comes packaged with many security and privacy concerns. And Amazon makes it awfully easy for the local police to violate people’s privacy.

Alfred Ng, writing for CNet »

For more than a year, police departments partnered with Amazon’s Ring unit had access to a map showing where its video doorbells were installed, down to the street they were on, public documents revealed. So while Ring said it didn’t provide police with addresses for the devices, a feature in the map tool let them get extremely close. The feature was removed in July.

[…]

The heat maps feature was one of several surveillance tools that Ring told police “should not be shared with the public.” The first Ring police partnership listed started in March 2018, and the video doorbell company had at least 335 police partners by the time it disabled the feature, records show.

Ring, which Amazon purchased for $839 million in February 2018, has now partnered with up to 631 law enforcement agencies in the US, creating a public surveillance tool for police departments through its video doorbells.

Read the whole article on CNet »

» Shreyas Gandlur’s Amazon Ring Video Doorbell Documents

Shreyas Gandlur » Privacy researcher and Student at the University of Illinois at Urbana-Champaign

More » Engadget, Vox, Vice

Hackers are exploiting an unpatched Android flaw to drain users’ bank accounts

All versions of Android are at risk and all of the top 500 most popular Android apps are vulnerable.

Zeljka Zorz, writing in HelpNetSecurity »

Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app security company has warned.

[…]

“StrandHogg is unique because it enables sophisticated attacks without the need for the device to be rooted. To carry out attacks, the attacker doesn’t need any special permissions on the device. The vulnerability also allows an attacker to masquerade as nearly any app in a highly believable manner,” they noted.

StrandHogg allows attackers to show to users fake login screens and ask for all types of permissions that may ultimately allow them to:

  • Read and send SMS messages (including those delivering second authentication factors)
  • Phish login credentials
  • Make and record phone conversations
  • Listen to the user through the microphone
  • Take photos through the device’s camera
  • Get access to photos, files on the device, location and GPS information,the contacts list, phone logs, etc.

Read the whole article on HelpNetSecurity »

More » The Hacker News, Security Affairs, Security Week, ZDNet

U.S. Dept. Homeland Security wants to expand airport face recognition scans to include American citizens

Zack Whittaker, via TechCrunch »

U.S. citizens and lawful permanent residents — also known as green card holders — have been exempt from these checks, the existing rules say.

Now, the proposed rule change to include citizens has drawn ire from one of the largest civil liberties groups in the country.

“Time and again, the government told the public and members of Congress that U.S. citizens would not be required to submit to this intrusive surveillance technology as a condition of traveling,” said Jay Stanley, a senior policy analyst at the American Civil Liberties Union .

“This new notice suggests that the government is reneging on what was already an insufficient promise,” he said.

Read the whole article on TechCrunch »

More » CNN via The Mercury News

Canadian courts powerless to order Facebook to hand over private messages

Result » Canadian federal legislators need to enact legislation that will be enforceable within Canadian jurisdiction.

If Facebook, and others, want to operate within Canadian borders, they must be expected to work within Canadian society’s rules, regulations, and customs.

Kate Dubinski, writing in CBC News »

The case involved Facebook messages that police in London, Ont., wanted to access in order to proceed with a homicide investigation and trial.

Because Facebook is an American company, the usual legal process involves Canadian authorities applying for evidence, in this case from the Facebook Messenger app, through a mutual legal assistance treaty (MLAT). The treaty has been used for decades by police on both sides of the border to get access to physical evidence.

In this case, a judge issued a production order — essentially a legal order for Facebook to give up the information. Authorities thought that would be quicker than the treaty process, which takes about four months.

But when it became clear this fall Facebook would fight tooth and nail against having to comply with a Canadian judge’s order, the Crown applied through the MLAT for the messages and received them.

Read the whole article in CBC News »

EU to investigate Google over data collection practices

Antitrust regulators in the European Union are investigating Google’s data collection practices, according to “exclusive” reporting at Reuters

Over the last couple of years, European Competition Commissioner Margrethe Vestager  has handed down fines totalling more than €8 billion (~ C$11 billion) to Google and ordered it to change its business ways.

Foo Yun Chee, writing for Reuters »

“The Commission has sent out questionnaires as part of a preliminary investigation into Google’s practices relating to Google’s collection and use of data. The preliminary investigation is ongoing,” the EU regulator told Reuters in an email.

Read the whole article on the Reuters web site »

More » The Guardian, CNN, International Business Times, Business Insider, The Mercury News

« Older posts

© 2019 Tech Letter

Theme by Anders NorenUp ↑