Displaying items by tag: privacy

On Thursday, WikiLeaks founder Julian Assange was arrested by British Police at the embassy of Ecuador in London.

Published in Government

Facebook stores millions of user passwords

Written on Tuesday, 26 March 2019 09:17

Facebook revealed that it has kept a record of hundreds of millions of user passwords in plain text.

The social media giant’s Vice President of Engineering, Security and Privacy, Pedro Canahuati, wrote in a blog post that hundreds of millions of Facebook Lite users will be notified about this, as will the millions of Facebook and Instagram users.

Facebook Lite is a version of Facebook which is used in areas with weak connectivity.

According to Canahuati, the mistake was noticed in January, but he failed to comment on why an announcement wasn’t made about the issue at the time. Instead, the announcement came over two months later.

“As part of a routine security review in January, we found that some user passwords were being stored in a readable format within our internal data storage systems,” said Canahuati.

He also stated that the passwords which were stored were never visible to anyone outside Facebook and that they were not abused or improperly used by any of the staff.

“This caught our attention because our login systems are designed to mask passwords using techniques that make them unreadable.

We have fixed these issues and as a precaution we will be notifying everyone whose passwords we have found were stored in this way.”

Published in Apps

Security researcher Victor Gevers has uncovered a database of 1.8 million women in China that lists their names, addresses, marital status, education levels, and phone numbers. The most troubling part of this database, however, is that women of a certain age group were also categorized as “breed ready”.

Gevers has said that anyone with an IP address has access to this database. This comes after his discovery of the Chinese database that leaked 300 million private messages last week.

“We don’t know who is behind this database and what the intention was… that is the part that worries us the most,” said Gevers. Most of the women in the database were located in Beijing.

Gevers reported the database on Twitter and had it closed down by 4am ET on Monday. 

Some of the women are linked to their Facebook profiles and as Facebook is banned in China, they must have accessed it through the use of a VPN.

“In China, they have a shortage of women. So an organization started to build a database to start registering over 1.8 million women with all kinds of details like phone numbers, addresses, education, location, ID number, marital status, and a “BreedReady” status?” he tweeted.

Also, around 90 per cent of the women on that list were listed as single and were between the ages of 15 and 95. Among the women given the “BreedReady” status, the youngest were 18 years old and the oldest was 39.

The purpose of this database remains uncertain; however, many internet users said that it may have been the Chinese government’s effort to track the fertility of Chinese women as China’s birth rate has hit an all-time low.

China’s National Statistics Bureau found that only 15 million children were born in 2018, which was 2 million fewer than the previous year.

Published in Government

House of Lords call for new centralized Digital Regulator

Written on Tuesday, 12 March 2019 08:16

The House of Lords has called for a new central digital super-regulator to be created in order to inspect the different bodies protecting the internet and to replace the ‘clearly failing’ system of self-regulation in place.

The Lords’ communications committee report has recommended a new Digital Authority. The report warns that the contribution of several regulators for the digital realm can be more problematic than helpful as it creates overlaps and gaps.

The report also states that large tech companies have failed to tackle cybersecurity issues and Ofcom should, in the future, expand their services to involve implementing a duty of care on those companies.

Lord Gilbert of Panteg, Chair of the committee, stated: “The government should not just be responding to news headlines but looking ahead so that the services that constitute the digital world can be held accountable to an agreed set of principles.”

He continued: “Self-regulation by online platforms is clearly failing and the current regulatory framework is out of date. The evidence we heard made a compelling and urgent case for a new approach to regulation. Without intervention, the largest tech companies are likely to gain ever more control of technologies which extract personal data and make decisions affecting people’s lives.”

The Lords said that the new Digital Authority should be guided by 10 guiding principles pertaining to online regulation. Some of these basic principles include: transparency, parity, recognition of childhood, accountability, privacy and human rights.

Last month, a Digital, Culture, Media and Sport committee held Facebook responsible for being run by “digital gangsters” and, as a result, recommended that tech and social media companies could regulate themselves independently under a ‘code of ethics’ which could be overseen by Ofcom.

The report by the Lords echoed this sentiment. It stated that self-regulation by internet behemoths such as Google and Facebook was “clearly failing”.

Lord Panteg wrote: “Policy makers across different sectors have not responded adequately to changes in the digital world.”

He added: “The Digital Authority should be empowered to instruct regulators to address specific problems or areas. In cases where this is not possible because problems are not within the remit of any regulator, the Digital Authority should advise the Government and Parliament that new or strengthened legal powers are needed.”

The report recommends many changes to already existing regulations whether the Digital Authority is created or not. An example of these proposed changes is the public interest test for mergers and acquisitions, which would protect people’s data from being bought and sold with no prior consent from the individual.

Additionally, the report recognizes the power which this new Digital Authority would hold and justifies it by stating: “This is necessary because of the magnitude of urgent social and political problems caused by regulatory fragmentation in the digital world. These problems are less likely to become more complex as technology develops.”

Internet giants such as Google, Amazon and Facebook were not held in high regard amongst the Lords, especially in the report.

It concluded, “Major platforms have failed to invest in their moderation systems, leaving moderators overstretched and inadequately trained. Online platforms should make community standards clearer through a new classification framework akin to that of the British Board of Film Classification.”

Published in Government

The profiles and personal messages of 364 million users of Chinese social media sites were leaked online, exposing private records such as photos and identity card numbers which were being gathered by the Chinese government through a surveillance program.

Victor Gevers, a cybersecurity researcher for the NGO GDI Foundation, revealed in a series of tweets that the Chinese government was using a social media surveillance program which was “retrieving messages per province from 6 social platforms and extracts names, ID numbers, ID photos, GPS locations, network information, and all the conversations and file transfers get imported into a large online database.”

He continued: “Around 364 million online profiles and their chats & file transfers get processed daily. Then these accounts get linked to a real ID/person. The data is then distributed over police stations per city/province to separate operators’ databases with the same surveillance network name.”

Gevers went on to say that the program used to retrieve all the private and sensitive information looked “like a jerry-rigged PRISM clone of the NSA.” NSA was the US government’s surveillance system that Edward Snowden revealed back in 2013.

In a direct message on Twitter, Gevers voiced some of his concerns regarding the situation.

“These surveillance systems are dangerous when they are open and fully accessible to anyone, which increases the risk of remote data manipulation. We have seen databases get ‘ransomed’ in the past.”

A great deal of the leaked data included information about cybercafés, which Gevers pointed out in a screenshot, saying that those cafés may have been used as a tool to gather data on users.

QQ and WeChat, which are both operated by Tencent, were among the six Chinese messaging services.

In the past, WeChat denied monitoring user chat logs for government surveillance; however, according to the Chinese legal system, all internet companies operating in China are expected to collect and store user data locally in case of an official inspection.

Security researcher Jane Manchun Wong said: “If sensitive information was exchanged in some of those conversations, it could have been sold to black markets, the same way how stolen credit card info from compromised databases work.”

She continued, “Except this one, it’s effortless to hackers. They could essentially just walk in and everything seems to be in plain text and accessible without any login information.”

The database was allegedly secured after Gevers exposed the issue.

There have been a few major leaks in China over the past few years.

Just last month, Gevers reported a case regarding a Chinese tech company, SenseNets, which stored the data of 2.6 million people in the region of Xinjiang, which has a Muslim majority and is under heavy police surveillance. The data included the ID numbers and addresses of the residents.

Published in Government

New York regulators are investigating Facebook’s gathering of intimate data about consumers’ menstrual cycles and body weight through smartphone applications.

Facebook has confirmed that New York’s Department of Financial Services sent it a letter about the data sharing issue.

The New York based regulator asked the social media giant to provide a list of all the companies that were involved in sending them the data over the past three years.

According to the source, requests to provide information on agreements with Facebook were sent to a number of application developers.

A Wall Street Journal report from February 22 showed that after testing over 70 smartphone apps, approximately 11 were disclosing ‘highly sensitive’ information to Facebook to use for targeted ads. These ads would be able to reach users who are not Facebook members.

The intimate data that was collected by the apps showed personal information with regards to body weight, height, ovulation cycles, heart rate, pregnancy status and home shopping.

It was found that around 6 of the 15 most popular health and fitness apps shared personal information with Facebook.

A Facebook spokesperson stated:  

"It's common for developers to share information with a wide range of platforms for advertising and analytics.

"We require the other app developers to be clear with their users about the information they are sharing with us, and we prohibit app developers from sending us sensitive data. We also take steps to detect and remove data that should not be shared with us."

The investigation comes at the peak of the debate over online privacy and at a time when Facebook is still attempting to regain the trust of the masses following the Cambridge Analytica scandal.

According to the Journal, the ‘highly sensitive information’ is sent to Facebook immediately after it is entered into the app.

Facebook is able to collect data through its Software Development Kit (SDK), a set of programs used to create apps that often includes a set of open software tools.

These apps have used Facebook’s SDK to build their software in exchange for data which Facebook uses for advertising purposes.

A Facebook spokesperson has said that the data transmission does violate the company’s business agreement and that Facebook has taken measures to stop the apps from disclosing such personal information.

Published in Apps

Apple under fire from politicians following FaceTime glitch

Written on Wednesday, 30 January 2019 13:25

US technology behemoth Apple is under fire following the stunning revelation that its FaceTime app was allowing users to listen to audio from the phone of the person they’re calling even if the recipient hadn’t picked it up.

Published in Apps

Data flows between the EU and Japan are now ‘safe’

Written on Thursday, 24 January 2019 09:29

The European Union and Japan finalized common rules to protect personal information, and launched what they called the “world's largest area of safe data flows”. Firms can transfer data now that the executive European Commission finds that Japanese law offers “a comparable level of protection of personal data,” the commission said.

“This adequacy decision creates the world's largest area of safe data flows,” EU justice commissioner Vera Jourova said, referring to an area of more than 600 million people. “Europeans' data will benefit from high privacy standards when their data is transferred to Japan,” the Czech commissioner said. “Our companies will also benefit from a privileged access to a 127 million consumers' market,” she added.

Jourova said the arrangement "will serve as an example for future partnerships" on data flows and set global standards.

The two sides cleared the final hurdle by agreeing on supplementary rules. These cover the protection of sensitive data, the exercise of individual rights and the conditions under which EU data can be further transferred from Japan to another third country.

Japan's independent data protection authority (PPC) and courts can enforce these rules covering Japanese firms that import data from the EU.

Tokyo gave Brussels assurances that any use of personal data for law enforcement and national security purposes would be “limited to what is necessary and proportionate.” Access by public authorities for these reasons would be “subject to independent oversight and effective redress mechanisms,” the EU executive said.

The two sides agreed to a mechanism to investigate and resolve complaints from Europeans over data access that Japan's independent data protection authority will run and supervise. The decision complements the EU-Japan Economic Partnership Agreement, which takes effect in February to become the world's biggest trade deal.

Published in Government

France's data watchdog (CNIL) announced a fine of 50 million euros ($57 million) for US search giant Google, using the EU's strict General Data Protection Regulation (GDPR) for the first time.

Google was handed the record fine from the CNIL regulator for failing to provide transparent and easily accessible information on its data consent policies, a statement said. The CNIL said Google made it too difficult for users to understand and manage preferences on how their personal information is used, in particular with regards to targeted advertising.

“People expect high standards of transparency and control from us. We're deeply committed to meeting those expectations and the consent requirements of the GDPR,” a Google spokesperson said in a statement. “We're studying the decision to determine our next steps.”

The ruling follows complaints lodged by two advocacy groups last May, shortly after the landmark GDPR directive came into effect. One was filed on behalf of some 10,000 signatories by France's Quadrature du Net group, while the other was by None Of Your Business, created by the Austrian privacy activist Max Schrems.

Schrems had accused Google of securing “forced consent” through the use of pop-up boxes online or on its apps which imply that its services will not be available unless people accept its conditions of use.

“Also, the information provided is not sufficiently clear for the user to understand the legal basis for targeted advertising is consent, and not Google's legitimate business interests,” the CNIL said.

Published in Government

A Turkish inventor claims to have created a phone with a screen that can only be seen when using a specific special pair of smart glasses. It’s the perfect privacy solution for anyone storing sensitive information on their device, in an age where people carry around smartphones and tablets everywhere they go, making it increasingly difficult to keep things private.

The inventor, 40-year-old Celal Göger from Diyarbakir, Turkey, is said to have come up with the idea for the private smartphone screen while he was traveling on crowded public transport in the bustling city of Istanbul. He became frustrated when he noticed that other passengers were slyly peering over his shoulder to look at what he was doing on his phone.

“Someone’s phone is a very personal item and I think it’s extremely disrespectful when other people stare at it,” he said.

Following his discomfort on public transport, Göger took it upon himself to create a way for other people to no longer be able to see what was on his smartphone screen. He worked in a small workshop behind his store to invent the new technology. According to the Mirror, it took Göger four months to come up with his ingenious ‘Ghost Phone’ concept, which he is planning to call C.COGER I.

The concept works by using a chip that makes the screen appear white to anyone who looks at the screen with the naked eye. In order to see the screen normally, a second chip in the glasses connects to the phone, making it visible to the wearer.

“When I finished my invention I started telling people about it, but nobody believed me,” said Göger. “They thought it must be some kind of magic trick until they saw my invention which left them absolutely gobsmacked!”

Göger is still said to be looking for funding to further develop his project. No further details about it have been released. He believes that if he resided in a different country it would be easier for him to proceed with it.

“I think I was born in the wrong place at the wrong time,” he said. “If I had been born in the UK, I think I would have gotten a lot more support to move this project forward and start mass production of my invention. If I can get funding I am planning to take this project further and install an on/off button on the phone which means that the user decides whether to activate the function.”

Published in Gadget