Facebook Says Privacy. Tim Cook Explains Privacy

May 5, 2019

Apple continues to build out its privacy platform. “Apple CEO Tim Cook Slams Peeping Tom Websites for Intruding onto Users’ Privacy, Insists He Doesn’t Want Customers Looking at Their iPhones Too Much and Addresses Concerns That Kids Are Addicted to Devices” presents some of the suggestions and observations likely to find their way into Apple’s marketing of its products and services. (There was no mention of the nagging to sign into Apple’s messaging service or the annoyance of pleading with customers to use the Apple cloud storage service. Intrusive. You betcha.)

In an interview with a US television “real news” reporter, Mr. Cook offered one quite interesting observations; to wit:

Companies that collection people’s data know a lot more about you than someone looking in the window of your home. (Peeping Toms are bad, very bad.)

The article in the Daily Mail linked Mr. Cook’s comments about privacy to one of his previous statements:

Cook previously denounced Facebook and other tech companies for hoarding ‘industrial’ amounts of users’ private data during a privacy conference at the European Parliament in Brussels in October [2018].

How does Mr. Cook some companies’ “hoarding” of data? The answer:

Industrial scale.

One may want to recall that Facebook’s privacy woes have not had a significant impact on the firm’s financial performance. Mr. Cook may be talking privacy, but the reality is that in America, financial performance may be more important in some circles.

Oracle once asserted that in search and retrieval security matters. Oracle’s bet on enterprise search security did not cause competitors much, if any, friction. Apple’s “bet” on privacy will be interesting to observe.

Stephen E Arnold, May 5, 2019

Google and Kiddie Data Allegations

April 15, 2019

I read a compelling essay published in TribLive. The title? “Protect Kids from Google Predators.” The short write up does a good job of identifying the basic mechanism for collecting information about students. Here’s a passage I noted:

Google now has 80 million educators and students around the world using G Suite for Education, 40 million students and teachers in Google Classroom and 30 million more using Google Chromebooks inside and outside the classroom.

The data collection is ubiquitous, just like other Google functions. These intercept and logging functions are baked into the system. As Google staff turns over, the specifics of some of these fundamental plumbing and utility services are like services buried in Windows 10 and Word. Fish don’t understand water; users don’t understand a non-Google environment.

The write up adds:

K-12 children in tens of thousands of schools began the academic year by lining up at the library to create Gmail accounts and Google Classroom logins without parental notification or permission. There’s no escape: No Google, no access. No access, no education. “Hell, some of the teachers don’t even teach the kids,” one parent complained to me. Instead, they “watch videos on Canvas or on their Chromebooks. Canvas (by Instructure) is one of myriad “learning management systems” that stores students’ grades, homework assignments, videos, quizzes and tests — all integrated with almighty, all-powerful, omniscient Google. Google apps such as ClassDojo collect intimate behavioral data and long-term psychological profiles encompassing family information, personal messages, photographs and voice notes. The collection of such data is a nanny state nightmare in the making, as a new Pioneer Institute report on “social, emotional learning” software and assessments outlined this month. Meanwhile, preschoolers are being trained to flash “Clever Badges” with QR codes in front of their Google Chromebook webcams. These badges “seamlessly” log them into Google World and all its apps without all the “stress” of remembering passwords. Addicted toddlers are being indoctrinated into the screen time culture without learning how to exercise autonomy over their own data.

DarkCyber believes that more attention to this Google “feature” may be warranted. I know an apology from Google may be forthcoming, but perhaps parents are tiring of apologies and having their children tracked and their privacy compromised?

Stephen E Arnold, April 15, 2019

Virtual Private Networks: Is Free Good?

April 10, 2019

VPNs are the new wonder tool in Internet security and privacy. Want one? Download Opera.

DarkCyber has noted that Vladimir Putin is not a fan of digital tunneling. In our weekly news program, we have mentioned that some VPNs are not providing the security the user wants. In some enforcement circles, use of a VPN is a red flag.

It seems logical to assume that anything free on the Internet comes with a catch. Free VPNs come with with a special extra. Tech Radar explores free VPNs in, “Four Ways That A Free VPN Can Profit From Its Users.”

Paid VPNs manage to stay on top of their game by having their users pay a monthly subscription fee. Free VPNS do offer comparable services, but in order to do that they have to make money somehow. There are four ways free VPNs can make a profit from their users. The first one is called a “gateway” VPN, because it is a free trial or tier associated with a paid VPN The hope is that the trial users will become monthly subscribers when they discover the free version’s limitations, such as low bandwidth.

Another alternative involves free VPN selling information about your Internet habits. This information would usually be collected by ISPs, but the VPN blocks them. ISPs sell the information to the highest bidder, but the VPNs do that instead. Free VPNs can also share and reroute bandwidth amongst its various users:

“Yet with one free VPN provider, HolaVPN, this is exactly what happened. HolaVPN doesn’t have its own network of servers, but effectively crowd sources, with everyone using the service providing them bandwidth – not only for the free HolaVPN offering, but also for a related paid product known as Luminati. In addition, your device could become the exit node for another user’s activity, making you potentially liable for their actions.”

Then there is the tried and true method of selling advertising on the VPN network, including targeted ads. The VPN might block the ISPs from collection information, but the VPN collects it and makes a profit from the user’s information.

Yep, free.

Whitney Grace, April 10, 2019

Google: Forgetting or Selective Remembering?

March 27, 2019

Google created many useful and brilliant projects from its trademark search to Gmail and its free office suite. Google also has its share of failures, most notably Google+ and now the admission that they “forgot” about a microphone in its Nest Secure security system. BGR reports that, “Congress Wants Google To Explain How It Forgot About The Nest Secure Microphone.”

Google says they entirely “forgot” about a microphone inside their Nest Secure security system. Smart home security systems, such as the Nest Secure, are popular among homeowners, because it allows them to monitor their homes remotely, maintain a constant camera feed, and more. Smart security systems are supposed to protect individuals and their privacy, but some US senators are concerned about citizens’ privacy and Google’s “forgotten” microphone.

Senators and their constituents are worried that large tech companies are taking advantage of their end users and are not being transparent. Google maintains its commitment to transparency and its chief privacy officer said so during a Us Senate Committee hearing. Google will respond further to the issue in mid to late March 2019 with answers about the Nest Secure’s technical specifications, how they communicated with consumers, and what stage it was forgotten.

Google is taking the full blame:

“As we mentioned last week, Google has already released a pretty bare-bones mea culpa about this, sharing a statement with Business Insider that says the mike was never meant to be a secret and should have been included in the tech specs. ‘That was an error on our part.’ The company went on to explain that ‘the microphone has never been on and is only activated when users specifically enable the option.’ The long and short of this is that if you bought Nest’s $500 home security system, which is only a year old, you’re just now learning that you’ve inadvertently had a microphone in your home for a year or more that you didn’t know was there. The ball is now in Google’s court to respond to the questions raised in the Senators’ letter…”

Perhaps someone at Google should read Surveillance Capitalism. No, forget that.

Whitney Grace, March 27, 2019

First, Encryption, Now DNA: Annoying, Marketing, or Taunting?

March 14, 2019

I read “Home DNA-Testing Firm Will Let Users Block FBI Access to Their Data.” I came away asking myself, “Is this outfit just annoying government authorities or taunting them? Or, maybe the company wants to look good from a PR point of view?”

Australia introduced regulations which require that companies doing business in the country cooperated with law enforcement when it comes to accessing data on encrypted services. That initiative is likely to be watched closely by those in the Five Eyes. In fact, DarkCyber thinks that the Australian move is a trial balloon. Decryption is a contentious issues, and Facebook has suggested that it will embrace privacy. Some in the enforcement sector rely on Facebook data, and if those data become unreadable, that will spark some discussion. The key point is that Australia took regulatory action.

When the no DNA for the FBI story crossed my desk, I thought about the implications. China has addressed the DNA sampling issue directly. In once geographic area, people have to show up and provide a sample. Fail to cooperate? That action will not generate positive points on the individual’s social credit score.

DNA information is available or obtainable. I want to add “in one way or another.”

The issue is control and access. The use of DNA data is fairly straightforward. DNA may answer the question, “Whom should be investigate?”

The write up states:

The combination of genetic data from home DNA-testing kits and family tree databases has allowed individuals to find relatives by matching DNA, but has also opened a new way for police to solve crimes. Police used the technique last year to identify the man thought to be behind a series of murders in California during the 1970s.

But the company was cooperating. Now a “procedure” must be followed.

Mixed signals, push back, a concern for customer privacy, or PR? The more interesting question is, “Is the company poking pointy sticks into the backs of government authorities.” Will compliance regulations emerge from one of the Five Eyes?

Stephen E Arnold, March 14, 2019

Dark Web Directory: Updates Needed

February 22, 2019

If the Internet were an ocean, the Dark Web is a very shallow tide pool. While the Dark Web is shallow, we do not recommend diving in because you can still break your neck. The Dark Web has a limited number of Web sites listed on it, all of them using the .onion extension.

These Web sites are accessible using the Tor browser and you do not use a search engine to find them. Instead you rely on social media Web sites, such as reddit, forums, or the Dark Web News. The Dark Web News has the “Dark Web & Deep Web Market List With Up & Down Daily Updated Market Status.”

The market listing is described as “Are you wondering how to find deep net markets? Well, look no further! We have compiled a list of active hidden marketplaces available on the deep web.” It is followed by a guide on how to access the Dark Web, download the Tor browser, etc.

What is striking is the amount of warnings about losing your anonymity. The market listing states, no shouts, that a smart Dark Web user uses not only the Tor browser, but also has a VPN to encrypt their data.

After the anonymity warnings, there are the Dark Web market listings. Each market site is reviewed, given a small description, and its status is shared. The listings are very useful and help track the type of market you are searching for. The only downside is that it lists Silk Road and a few other places as still “open.” Methinks that the Dark Web market listing needs an update. Also they give another good warning: “Do your research before using any hidden marketplace. Reddit is a good place to start.”

The problem is that the Dark Web is not zipping along as it once was. The buying and selling action has shifted to online chat and closed discussion groups. As the Dark Web shrinks, maintaining a listing should be easier too.

Whitney Grace, February 22, 2019

Japan: A Security Clamp

February 4, 2019

We are used to Olympic athletes pushing the limit of human accomplishment, but authorities in Japan are going even further. In preparation for the 2020 Olympics, the National Institute of Information and Communication Technology has gained permission to hack into citizens’ IOT devices in order to prevent terror attacks. We learned more from a recent ZDnet story, “Japanese Government Plans to Hack into Citizens’ IOT Devices.”

According to the story:

“The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices…The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras.”

From home security systems, to coffee pots, to doorbell cameras—these IOT tools are very vulnerable. While it’s promising to see an intelligence agency getting out ahead of a potential issue, the path to safety is fraught with potential problems. Would such a leap in privacy be acceptable in the US? We find it impossible to believe, but it’ll be interesting to see how Japan juggles this issue.

Patrick Roland, February 4, 2019

TruthFinder: Dark Web Scan Reseller

January 3, 2019

TruthFinder, founded in late 2014 or early 2015, provides background check services. We wanted to document that the firm offers Dark Web scans.

The company states:

Our new Dark Web Monitoring feature is an indispensable tool for people who want to protect their identity from data breaches. You can monitor your sensitive personal information — like your name, phone number, and even credit card number — and receive an instant notification if your data is found on the Dark Web. Cybercriminals buy and sell personal information on the Dark Web every day, but with TruthFinder, you can reduce your chances of becoming a victim of identity theft.

According to the company’s Web site, these services are provided by Experian. DarkCyber believes that Experian obtains Dark Web scanning services from another third party.

The firm also provides public records data to its customers. The services are provided on a fee basis.

In an interview published by Superbcrew, TruthFinder stated:

TruthFinder is also an essential resource for online daters and those who routinely interact with strangers online. With just a quick search, online daters can make sure they’re talking to a real person and not getting catfished. People can also use this service to see if people have prior criminal records, which is one of the many ways TruthFinder helps people stay safe in the real world.

Note: A “catfish” is someone who pretends to be someone else online. The idea is that an individual adopts a persona in order to mask his or her actual identity.

A customer can search by name, phone number, email address, or physical address. The company offers reverse address lookup (who lives at this address?) and reverse phone look up (who has this phone number?).

A TruthFinder report is assembled from the data the company pulls from various data sources. A report, presumably generated by the TruthFinder system, typically offers:

  • Personal Information: Your name, known aliases, and date of birth
  • Possible Photos: TruthFinder crawls images from various social media profiles, including those you may have forgotten existed
  • Jobs and Education: A list of places you have worked and studied, including relevant dates
  • Possible Relatives: View the name, age, and location of people who may be related to you
  • Related Links: Related links may include blogs, relevant news stories, and additional social profiles
  • Contact Information: View landlines, cell phone numbers, and email addresses associated with your name
  • Location History: A list of places you have lived, including the date you were last seen at the location
  • Criminal Records: TruthFinder reports may include arrest details, the outcome of the case, and prison status, when available
  • Sex Offenders: View a map of nearby sex offenders, details of their crime, and links to view their full background report
  • Social Media Profiles: Uncover social media profiles associated with your name, including accounts you may have forgotten
  • Assets
  • Evictions
  • Business associates.

DarkCyber wants to point out that Dark Web scanning is now an item on a punch list, not a rarified service available only to law enforcement and intelligence professionals. TruthFinder’s help section states that reports begin at about $30. An annual subscription runs about $280 per year.

Kenny Toth, January 3, 2019

About Those VPNs

December 26, 2018

News and chatter about VPNs are plentiful. We noted a flurry of stories about Chinese ownership of VPNs. We receive incredible deals for VPNs which are almost too good to be true. We noted this write up from AT&T (a former Baby Bell) and its Alienvault unit: “The Dangers of Free VPNs.”

The idea behind a VPN is hiding traffic from those able to gain access to that traffic. But there is a VPN provider in the mix. From that classic man in the middle position, the VPN may not be as secure as the user thinks.

The AT&T Alienvault viewpoint is slightly different: VPNs are the cat’s pajamas as long as the VPN is AT&T’s.

We learned from the write up:

Technically, VPN providers have the capacity to see everything you do while connected. If it really wanted to, a VPN company could see what videos you watched, read emails you send, or monitor your search history.

The write up points out without reference to lawful intercept orders, national security letters, and the ho hum everyday work in cheerful Ashburn, Virginia:

Thankfully, reputable providers don’t do this. A good provider shouldn’t take any logs of your activity, which means that although they could theoretically access your data, they discard it instead. These “no-log” companies don’t keep copies of your data, so even if they get subpoenaed by a government agency, they have no data that they can hand over. VPN providers may take different types of logs, so you need to be careful when reading the fine print of any potential provider. These logs can include your traffic, DNS requests, timestamps, bandwidth and IP address.

The write up includes a “How do I love thee” approach to the dangers of free VPNs.

Net net: Be scared. Just navigate to this link. AT&T provides VPN service with the goodness one expects.

By the way, note the reference to “logs.” Many gizmos in a data center offering VPN services maintain logs. Processing these auto generated files can yield quite useful information. Perhaps that’s why there are free and low cost services.

Zero logs strikes Beyond Search as something that is easy to say but undesirable and possibly difficult to achieve.

Are VPNs secure? Is Tor?

In January 2019, Beyond Search will cover more dark cyber related content. More news is forthcoming. Let’s face it enterprise search is a done deal. The Beyond Search goose is migrating to search related content plus adjacent issues like AT&T promoting its cheerful, unmonitored, we’re really great approach to online.

Stephen E Arnold, December 26, 2018

Search for a Person in China: Three Seconds and You Are Good to Go

December 26, 2018

I read “Welcome to Dystopia : China Introduces AI Powered Tracking Uniform in Schools.” The article explains that “China has started to introduce school uniforms which track pupils all the time.”

The “all” is problematic. A student equipped with the new uniform has to take it off, presumably for normal body maintenance and the inevitable cleaning process.

The overstatement, I assume, is designed to make the point that China is going to keep social order using smart software and other tools.

The new uniform  “comes with two chips embedded in the shoulder areas and works with an AI-powered school entrance system, which is equipped with facial recognition cameras.”

Combined with other monitoring gizmos, the question, “Where’s Wong? can be answered in a jiffy. The write up explains:

The entrance system, powered by facial recognition camera, can capture a 20-second-long video of each pupil going in or coming out of the school. The footage will be uploaded onto an app in real time for teachers and parents to watch.An alarm will go off if the school gate detects any pupil who leaves the school without permission,

The article suggests that location and identification takes seconds.

One presumes the search results will be objective and ad free.

Stephen E Arnold, December 26, 2018

Next Page »

  • Archives

  • Recent Posts

  • Meta