Tech Letter

Technology Joe Public can rely on

Category: Surveillance (page 1 of 3)

Four things you can do today that help protect your privacy and security

1. Scrub your email

2. Ditch old passwords

3. Update your software

4. Upgrade your browser

More » Mozilla

Former Conservative leader Sir Iain Duncan Smith is asking the British government to rethink its decision to allow Huawei to play a role in the UK’s 5G network

There appear to be legitimate national security concerns about allowing Chinese firm Huawei to bid on and install 5G mobile networking equipment. Boris Johnson’s government announced they will allow the firm to install its equipment; however, they have not addressed those concerns or stated why they will allow this added risk when there are other highly reputable alternatives.

The decision appears to be a political one, and not one based on facts. To be clear, Huawei should not be banned based on what is being asked for by the Trump Administration. National security should be top priority.

BBC »

In a letter, the group – which includes four ex-cabinet ministers – said there were alternatives to the Chinese firm.

They want “high-risk” vendors to be ruled out now, or phased out over time.

Foreign Secretary Dominic Raab said the decision followed a “rigorous” review by security experts and that Huawei’s involvement would be restricted.

More » The Independent

US Homeland Security Dept has purchased access to at least one database to track the locations of millions of mobile phones and is using the info in immigration and border controls and possibly other secret government surveillance programs

If the headline surprises you, you haven’t been paying attention. This has been going on for years. Ask Snowden.

What I’d like to know is how much tracking DHS is doing outside its borders.

US Department of Homeland Security (DHS) acknowledges tracking millions of smartphone users within the USA, despite a Supreme Court order limiting its authority to do so. DHS will not state how the data is being used.

Byron Tau and Michelle Hackman, Wall Street Journal »

The Trump administration has bought access to a commercial database that maps the movements of millions of cellphones in America and is using it for immigration and border enforcement, according to people familiar with the matter and documents reviewed by The Wall Street Journal.

The location data is drawn from ordinary cellphone apps, including those for games, weather and e-commerce, for which the user has granted permission to log the phone’s location.

More » Apple Insider

Gaia-X » Europe’s plan to avoid an over-reliance on US-based cloud providers Google, Amazon, and others

The EU is putting together a consortium to build a new, non-US-based cloud platform. It’s called Gaia-X.

Will Bedingfield, Wired »

The project is a collaboration between the European Commission, Germany, France, and according to an email from a spokesperson for Germany’s Federal Ministry for Economic Affairs and Energy “some 100 companies and organisations”. (Firms confirmed include SAP SE, Deutsche Telekom AG, Deutsche Bank AG, Siemens and Bosch.) The first proofs of concept for the European cloud are set to be ready towards the end of this year.

The driving motivation behind the project is “data sovereignty”, or, more accurately “data governance” – an ambition to bring the flow and storage and data under greater European control. “Data sovereignty is the key to GAIA-X,” says Harald Summa, the CEO of DE-CIX Group AG, a group involved in the project. “Especially given that our society is relying more and more heavily on digital services, it is in the interest of a state or a region to enable a certain level of independence from external service providers.”

The project is a direct response to the dominance of American and Chinese service providers. The European Commission has already locked horns with Google, fining the company €4.34 billion for antitrust violations back in 2018. The US Cloud Act requires American firms to provide law enforcement with customers’ personal data on request, even when the servers containing the information are abroad.


Amazon’s Ring doorbell sends customers’ personal data to Facebook and Google

BBC »

The Electronic Frontier Foundation found the Ring app was “packed” with third-party tracking, sending out customers’ personally identifiable information.

Five companies were receiving a range of information, including names, IP addresses and mobile networks, it said.

Ring said it limited the amount of data it shared.

The company told Gizmodo: “Like many companies, Ring uses third-party service providers to evaluate the use of our mobile app, which helps us improve features, optimise the customer experience and evaluate the effectiveness of our marketing.”

But the EFF said Ring was failing to protect users’ privacy, noting only one of the trackers it had found was mentioned in the company’s privacy policy.

Avast’s ‘Free’ antivirus compiles your browsing history and sells it to the highest bidder

Avast is yet another company that demonstrates ‘free’ really means you are the product.

Ryan Whitwam, ExtremeTech »

That’s the case with the free antivirus products from Avast, which harvest browsing history for sale to major corporations. Despite claims that its data is fully anonymized, an investigation by our sister site PCMag and Motherboard shows how easy it is to unmask individual users.

Avast, which offers antivirus products under its own brand as well as AVG, has traditionally gotten high marks for its malware blocking prowess. When setting up the company’s free AV suite, users are asked to opt into data collection. Many do so after being assured all the data is anonymized and aggregated to protect their identities. However, Avast is collecting much more granular data than anyone expected, and that puts your privacy at risk.

Avast markets user data through its Jumpshot subsidiary, which has relationships with firms like Google, Pepsi, Microsoft, and Home Depot. PCMag and Motherboard managed to gain access to internal documents and a sample of data from Jumpshot, and they found Avast is tracking user clicks down to the second. Here’s an example of Jumpshot’s data format.

Read the whole article on ExtremeTech »

Apple dropped plan for encrypting iCloud after FBI complained about the initiative

Joseph Menn, Reuters »

Apple Inc. dropped plans to let iPhone users fully encrypt backups of their devices in the company’s iCloud service after the FBI complained that the move would harm investigations, six sources familiar with the matter told Reuters.

The long-running tug of war between investigators’ concerns about security and tech companies’ desire for user privacy moved back into the public spotlight last week, as U.S. Attorney General William Barr took the rare step of publicly calling on Apple to unlock two iPhones used by a Saudi Air Force officer who shot dead three Americans at a Pensacola, Florida naval base last month.

James Vincent, The Verge » Apple can’t read your on-device data, but it can read your iCloud backups

This information is encrypted to stop attackers, but Apple holds the keys to decrypt it and shares it with police and governments when legally required.

Jon Brodkin, Ars Technica »

Apple has not implemented end-to-end encryption for iCloud Backup, the service that lets customers back up their iPhones and iPads to Apple servers, or for iCloud Drive. The iCloud Backup and iCloud Drive data sets are encrypted at rest and in transit, but Apple has the key to unlock them and can thus give decrypted versions to law enforcement.

More » AppleInsider, Tom’s Guide

US Army bans soldiers from using TikTok » The app is considered a “cyber threat”

Justine Calma, The Verge »

United States Army soldiers can no longer use TikTok on government-owned phones following a decision to ban the app. The move comes amidst ongoing worries that the video app owned by Beijing-based company ByteDance could compromise national security or be used to influence or surveil Americans.

“It is considered a cyber threat,” Army spokeswoman Lt. Col. Robin Ochoa told Military.com, which broke the news on December 30th. The army reportedly used TikTok to recruit members prior to the ban.

Both the Navy and Defense Department sounded alarms on TikTok earlier this month. The Navy previously told its members not to add the app, and to delete it from government-issued devices if it was already installed. The Defense Department also instructed employees to “be wary of applications you download, monitor your phones for unusual and unsolicited texts etc., and delete them immediately and uninstall TikTok to circumvent any exposure of personal information,” according to military.com.

More » CNN

Related » US Navy Bans TikTok From Military Devices » Security Boulevard (Dec 27, 2019)

More » BoingBoing, The Next Web, SecurityAngle

Related » TikTok eyes global headquarters outside of China as US scrutiny mounts – Tech in Asia (Dec 24, 2019)

More » WSJ

NY Times journalists answer » What’s the worst that could happen to your smartphone data?

NY Times »

None of us really has a choice to participate in tracking or not — the system just serves up location data, usually without us noticing. So for people who do want a bit of privacy — worshipers, young people visiting Planned Parenthood, those visiting a queer space, survivors hiding from an abuser — they no longer have a real choice about their privacy. Because the tracking touches everyone, can we really give up after concluding it’s fine for us? When we participate in this system, we’re tacitly endorsing it.

[…]

Your imagination can run wild with possibilities. It runs from tracking kids to tracking the nation’s top security officials and using the intelligence for some kind of blackmail.

For us, it was talking to one group that was so concerned they didn’t want to be named. We expected them to be worried, but in conversations with them, they were downright scared. When we showed them all the device pings collected in the center of their building during a gathering, they were horrified that people could know exactly who and how many people were in the building and when. The idea that their community members were followed in the data and we could figure out where they all lived — it wasn’t an abstract threat anymore. It was real and personal for them, especially since they felt like a target already.

ToTok is a United Arab Emirates (UAE) spy tool [Updated]

If you have messaging app ToTok on your smartphone, you will probably want to delete it. It is actually a repressive government’s spying tool.

Apple and Google have removed the app from their app stores.

Mark Mazzetti, Nicole Perlroth, and Ronen Bergman, writing in the NY Times (paywall) »

But the service, ToTok, is actually a spying tool, according to American officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the United States last week, according to app rankings and App Annie, a research firm.

More » Associated Press, Security Boulevard, The Mac Observer, The Register, Wired

There are similar concerns with other apps »

» U.S. Navy bans TikTok from government-issued mobile devices – Reuters

Updated Saturday December 28

» Not surprisingly, UAE denies developing the app as spy tool – SecurityWeek


© 2020 Tech Letter
