Tech Letter

Technology Joe Public can rely on

Category: Hardware

Former Conservative leader Sir Iain Duncan Smith is asking the British government to rethink its decision to allow Huawei to play a role in the UK’s 5G network

There appear to be legitimate national security concerns about allowing Chinese firm Huawei to bid on and install 5G mobile networking equipment. Boris Johnson’s government announced they will allow the firm to install it’s equipment, however, they have not addressed those concerns or stated why they will allow this added risk, when there are other highly reputable alternatives.

The decision appears to be a political one, and not one based on facts. To be clear, Huawei should not be banned based on what is being asked for by the Trump Administration. National security should be top priority.

BBC »

In a letter, the group – which includes four ex-cabinet ministers – said there were alternatives to the Chinese firm.

They want “high-risk” vendors to be ruled out now, or phased out over time.

Foreign Secretary Dominic Raab said the decision followed a “rigorous” review by security experts and that Huawei’s involvement would be restricted.

More » The Independent

Amazon’s Ring doorbell sends customer’s personal data to Facebook and Google

BBC »

The Electronic Frontier Foundation found the Ring app was “packed” with third-party tracking, sending out customers’ personally identifiable information.

Five companies were receiving a range of information, including names, IP addresses and mobile networks, it said.

Ring said it limited the amount of data it shared.

The company told Gizmodo: “Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimise the customer experience and evaluate the effectiveness of our marketing.”

But the EFF said Ring was failing to protect users’ privacy, noting only one of the trackers it had found was mentioned in the company’s privacy policy.

US Army bans soldiers from using TikTok » The app is considered a “cyber threat”

 Justine Calma, The Verge »

United States Army soldiers can no longer use TikTok on government-owned phones following a decision to ban the app. The move comes amidst ongoing worries that the video app owned by Beijing-based company ByteDance could compromise national security or be used to influence or surveil Americans.

“It is considered a cyber threat,” Army spokeswoman Lt. Col. Robin Ochoa told Military.com, which broke the news on December 30th. The army reportedly used TikTok to recruit members prior to the ban.

Both the Navy and Defense Department sounded alarms on TikTok earlier this month. The Navy previously told its members not to add the app, and to delete it from government-issued devices if it was already installed. The Defense Department also instructed employees to “be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information,” according to military.com.

More » CNN

Related » US Navy Bans TikTok From Military Devices » Security Boulevard (Dec 27, 2019)

More » BoingBoing, The Next Web, SecurityAngle

Related » TikTok eyes global headquarters outside of China as US scrutiny mounts – Tech in Asia (Dec 24, 2019)

More » WSJ

NY Times journalists answer » What’s the worst that could happen to your smartphone data?

NY Times »

None of us really has a choice to participate in tracking or not — the system just serves up location data, usually without us noticing. So for people who do want a bit of privacy — worshipers, young people visiting Planned Parenthood, those visiting a queer space, survivors hiding from an abuser — they no longer have a real choice about their privacy. Because the tracking touches everyone, can we really give up after concluding it’s fine for us? When we participate in this system, we’re tacitly endorsing it.

[…]

Your imagination can run wild with possibilities. It runs from tracking kids to tracking the nation’s top security officials and using the intelligence for some kind of blackmail.

For us, it was talking to one group that was so concerned they didn’t want to be named. We expected them to be worried, but in conversations with them, they were downright scared. When we showed them all the device pings collected in the center of their building during a gathering, they were horrified that people could know exactly who and how many people were in the building and when. The idea that their community members were followed in the data and we could figure out where they all lived — it wasn’t an abstract threat anymore. It was real and personal for them, especially since they felt like a target already.

Be paranoid about privacy

Kara Swisher, NY Times (paywall) »

Privacy has been losing badly, as users have become the online equivalent of cheap dates to these giant tech companies. We trade the lucrative digital essence of ourselves for much less in the form of free maps or nifty games or compelling communications apps.

We’re digitally sloppy, even if it can be very dangerous, as evidenced by a disturbing New York Times story this week about an Emirati secure messaging app called ToTok, which is used by millions across the Middle East and has also recently become one of the most downloaded in the United States.

The name was obviously used to place the app adjacent to the hugely popular TikTok, already under scrutiny by American officials because of its Chinese origins and possible link to the Beijing government. In the case of ToTok, according to the Times report, it turns out that it is a spy tool “used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.”

The Amazon-owned Ring doorbell is a privacy and security nightmare

Ring is acting like my stubborn Cairn Terrier when she wants her own way. This is blatant and wilful ignorance. Turning a blind eye. Hoping it will just go away and no one will notice. Without thought of the consequences.

» If someone logs into your Ring account, Ring does nothing »

  • Ring does not send the owner an email warning you about an unknown.
  • Ring does not keep a record of the intrusion.

Joseph Cox, Vice’s Motherboard »

From across the other side of the world, a colleague has just accessed my Ring account, and in turn, a live-feed of a Ring camera in my apartment. He sent a screenshot of me stretching, getting ready for work. Then a second colleague accessed the camera from another country, and started talking to me through the Ring device.

“Joe can you tell I’m watching you type,” they added in a Slack message. The blue light which signals someone is watching the camera feed faded away. But I still couldn’t shake the feeling of someone may be tuning in. I went into another room.

My colleagues were only able to access my Ring camera because they had the relevant email address and password, but Amazon-owned home security company Ring is not doing enough to stop hackers breaking into customer accounts, and in turn, their cameras, according to multiple cybersecurity experts, people who write tools to break into accounts, and Motherboard’s own analysis with a Ring camera it bought to test the company’s security protections.

Related » Ring passwords have been found on the dark web (TechCrunch)

More » CNET

RISC-V Foundation overseeing promising chip technology will soon move from Delaware to neutral Switzerland over concerns about potential U.S. trade restrictions

This is nerdy, but also possibly the start of an important trend. RISC-V is getting more and more popular.

The non-profit RISC-V Foundation sets standards for the promising semiconductor architecture. Over 325 companies and entities use the RISC-V standards, including U.S. and European chip suppliers such as Qualcomm Inc and NXP Semiconductors.

Stephen Nellis and Alexandra Alper, writing for Reuters »

The nonprofit RISC-V Foundation (pronounced risk-five) wants to ensure that universities, governments and companies outside the United States can help develop its open-source technology, its Chief Executive Calista Redmond said in an interview with Reuters.

She said the foundation’s global collaboration has faced no restrictions to date but members are “concerned about possible geopolitical disruption.”

From around the world, we’ve heard that ‘If the incorporation was not in the U.S., we would be a lot more comfortable’,” she said. Redmond said the foundation’s board of directors approved the move unanimously but declined to disclose which members prompted it.

More » The Register

Related » Semiconductor Engineering » RISC-V Markets, Security And Growth Prospects

Russia is banning the sale of smartphones, computers, and smart TVs that are not pre-installed with Russian software

Russia is forcing hardware manufacturers that wish to sell their goods in Russia, to install Russian made software on electronic devices.

Why? Because Surveillance.

The law is coming into effect July 2020.

BBC »

Proponents of the legislation say it is aimed at promoting Russian technology and making it easier for people in the country to use the gadgets they buy.

But there are concerns about surveillance and fears that firms could pull out of the Russian market.

[…]

“When we buy complex electronic devices, they already have individual applications, mostly Western ones, pre-installed on them,” he said, according to Interfax news agency.

“Naturally, when a person sees them… they might think that there are no domestic alternatives available. And if, alongside pre-installed applications, we will also offer the Russian ones to users, then they will have a right to choose.”

More » Reuters, The Next Web, Android Central, The Inquirer, The Mac Observer, AppleInsider, Engadget

How you charge your mobile phone could compromise its battery lifespan

University of Warwick

Researchers at the University of Warwick have found that use of wireless charging, while convenient, shortens the life of mobile phone’s lithium-ion batteries.

Amazon’s favourite new word is ‘Privacy,’ but do they know what it means?

Amazon today rolled out a marathon of products at its fall 2019 devices event. Privacy was mentioned throughout the presentation. Amazon is acutely aware that a large segment of consumers are troubled by Amazon’s personal invasions and lack of transparency.

Dell Cameron at Gizmodo writes »

Today, so-called “privacy” policies are little more than legal disclosures vaguely articulating the numerous ways in which companies, like Amazon, intend to track their customers and gather their personal information

If privacy is dead, we can thank Amazon (among plenty of other companies, of course) for helping arrange its demise.

and »

An in-depth investigation by Bloomberg in April revealed that thousands of human beings were listening to recordings of Alexa users in an attempt to improve its performance. Naturally, the company hid this from everyone, burying the language about it deep in its service terms—which, let’s be honest, no has the time to read.

The company fessed up but also attempted to downplay the invasion…

and »

Privacy advocates have basically given up on Amazon, believing that its promises about protecting its customers are too little and too late. Evan Greer, deputy director of digital rights group Fight for the Future, said in a statement that the company simply cannot be trusted.

“Amazon claims ‘customers control their data’ yet they had plans for 911 calls to trigger all Ring cameras in the surrounding neighborhood to wake up and start recording,” she said. “This is what Amazon does. They make empty statements to sell their products and then continue to build a for-profit, surveillance dragnet without oversight and accountability.”

Read the whole article at Gizmodo »

© 2020 Tech Letter

Theme by Anders NorenUp ↑