Facebook: Fine and a Reminder of Ozymandius?
July 13, 2019
I just wanted to document that Facebook will have to pay a fine. Well. allegedly. On the other hand, the rumored penalty evokes the trunkless legs of stone. Ozymandius time in Silicon Valley. For details, navigate to “Facebook Reportedly Fined $5B over Cambridge Analytica Fiasco.” No high flier wants to wear a t shirt with the word “fiasco” stenciled in red. Perhaps if it were paired with the Nike Betsy Ross shoes and “fiasco” spelled “phiasco”, the label could be trendy. The t shirt would collect likes like a hamburger gathers flies at a picnic on a 90 degree day in Mountain View. I noted this statement in the write up:
The FTC approved the settlement in a 3-to-2 vote with Republican commissioners in favor and Democrats opposing, according to Wall Street Journal sources. The arrangement and further details have yet to be confirmed publicly, and any agreement will still have to be reviewed by the Department of Justice.
Yep, some money, just a bit tardy.
Stephen E Arnold, July 13, 2019
Targeting 101: Disabling Google and Finding Software Alternatives
June 30, 2019
I read “Completely Block Google and Its Services.” If you are concerned about Google’s data policies, you may want to read the article and follow the instructions in the pihole-google.txt file. It appears that there are more than 7,000 services which Google uses to obtain one’s personal information.
Is this a surprise? No, what’s interesting is that disabling items one by one in an Android device is not going to do the job. I particularly liked the listing of DoubleClick add ons. Here’s a sampling of the more than two dozen items:
analytics.txt
firebase.txt
fonts.txt
mail.txt
products.txt
Some readers of DarkCyber may find the DoubleClick patents interesting. An overview of the cookie method appears in “Method and Apparatus for Transaction Tracking Over a Computer Network.” You can locate the document at this link. DoubleClick has other interesting inventions as well. I covered more of these in my 2003 The Google Legacy and the follow-up monograph, Google Version 2. I am not returning to the Museum of Googzilla.
Once Google has been removed from your Android device, you may want to find replacement for the Google Play and Google provided apps. You can find a useful list in “The Complete List of Alternatives to All Google Products.” The “all” makes me nervous because DarkCyber has heard rumors than not even Google has a list which is comprehensive. Like the personnel data the US government once requested, that’s just too difficult. Creating such a list is impossible because once the list has been whipped up, it might leak. Google still tries to be as secretive as possible, but its track record has changed as the firm has aged.
Stephen E Arnold, June 30, 2019
Alexa: Big Brother and Big Sister
June 2, 2019
The younger generations live their lives online, so it is surprising when one shows concern about privacy. The Guardian’s Comedic journalist Tim Dowling wrote about his son’s total dislike for Amazon’s Alexa in, “Tim Dowling: Two Alexas Have Moved In, And They’re Terrifying.” Smart speakers are Big Brother’s newest tool, because it is always listening.
Dowling was sent two free Alexa’s to review for his column and coerced his son into setting them up in his home. What is even funnier is that they are used Alexas and one of them had googly eyes, so one is “always watching.” The son in question is nineteen years old, but is scared of Alexa. Dowling and his offspring do not like Alexa, because she is listening. At first, it is charming to have questions answered instantaneously, but it quickly turns when they nearly avoid buying an expensive laptop. They do ask Alexa, how many people are spying on them right then, but the speaker did not known the answer. Dowling’s eldest child, however, was quite keen on the speakers and had one tell him the latest football scores (that is soccer for the US).
It got worse for the youngest one when Dowling had to leave him alone in the house with the two Alexas:
“ ‘Walk the dog, feed the cat, don’t say ‘Alexa’, and you’ll be fine,’ I say.
‘Great,’ he says.
Some hours later, I receive an email informing me that I will not be required to write about Alexa after all. A few minutes after that, I receive an apology from the youngest one, telling me he had to unplug both Alexas: they had started talking to each other.”
What do Alexas discuss? They probably ceaselessly ask one another to keep repeating, because they could not quite get what the other is saying. Sure, smart speakers are fun. They are a voice activated Google and radio, but they are always listening. Listening to hear the next command or reporting it to the government.
Whitney Grace, June 2, 2019
Facebook Says Privacy. Tim Cook Explains Privacy
May 5, 2019
Apple continues to build out its privacy platform. “Apple CEO Tim Cook Slams Peeping Tom Websites for Intruding onto Users’ Privacy, Insists He Doesn’t Want Customers Looking at Their iPhones Too Much and Addresses Concerns That Kids Are Addicted to Devices” presents some of the suggestions and observations likely to find their way into Apple’s marketing of its products and services. (There was no mention of the nagging to sign into Apple’s messaging service or the annoyance of pleading with customers to use the Apple cloud storage service. Intrusive. You betcha.)
In an interview with a US television “real news” reporter, Mr. Cook offered one quite interesting observations; to wit:
Companies that collection people’s data know a lot more about you than someone looking in the window of your home. (Peeping Toms are bad, very bad.)
The article in the Daily Mail linked Mr. Cook’s comments about privacy to one of his previous statements:
Cook previously denounced Facebook and other tech companies for hoarding ‘industrial’ amounts of users’ private data during a privacy conference at the European Parliament in Brussels in October [2018].
How does Mr. Cook some companies’ “hoarding” of data? The answer:
Industrial scale.
One may want to recall that Facebook’s privacy woes have not had a significant impact on the firm’s financial performance. Mr. Cook may be talking privacy, but the reality is that in America, financial performance may be more important in some circles.
Oracle once asserted that in search and retrieval security matters. Oracle’s bet on enterprise search security did not cause competitors much, if any, friction. Apple’s “bet” on privacy will be interesting to observe.
Stephen E Arnold, May 5, 2019
Google and Kiddie Data Allegations
April 15, 2019
I read a compelling essay published in TribLive. The title? “Protect Kids from Google Predators.” The short write up does a good job of identifying the basic mechanism for collecting information about students. Here’s a passage I noted:
Google now has 80 million educators and students around the world using G Suite for Education, 40 million students and teachers in Google Classroom and 30 million more using Google Chromebooks inside and outside the classroom.
The data collection is ubiquitous, just like other Google functions. These intercept and logging functions are baked into the system. As Google staff turns over, the specifics of some of these fundamental plumbing and utility services are like services buried in Windows 10 and Word. Fish don’t understand water; users don’t understand a non-Google environment.
The write up adds:
K-12 children in tens of thousands of schools began the academic year by lining up at the library to create Gmail accounts and Google Classroom logins without parental notification or permission. There’s no escape: No Google, no access. No access, no education. “Hell, some of the teachers don’t even teach the kids,” one parent complained to me. Instead, they “watch videos on Canvas or on their Chromebooks. Canvas (by Instructure) is one of myriad “learning management systems” that stores students’ grades, homework assignments, videos, quizzes and tests — all integrated with almighty, all-powerful, omniscient Google. Google apps such as ClassDojo collect intimate behavioral data and long-term psychological profiles encompassing family information, personal messages, photographs and voice notes. The collection of such data is a nanny state nightmare in the making, as a new Pioneer Institute report on “social, emotional learning” software and assessments outlined this month. Meanwhile, preschoolers are being trained to flash “Clever Badges” with QR codes in front of their Google Chromebook webcams. These badges “seamlessly” log them into Google World and all its apps without all the “stress” of remembering passwords. Addicted toddlers are being indoctrinated into the screen time culture without learning how to exercise autonomy over their own data.
DarkCyber believes that more attention to this Google “feature” may be warranted. I know an apology from Google may be forthcoming, but perhaps parents are tiring of apologies and having their children tracked and their privacy compromised?
Stephen E Arnold, April 15, 2019
Virtual Private Networks: Is Free Good?
April 10, 2019
VPNs are the new wonder tool in Internet security and privacy. Want one? Download Opera.
DarkCyber has noted that Vladimir Putin is not a fan of digital tunneling. In our weekly news program, we have mentioned that some VPNs are not providing the security the user wants. In some enforcement circles, use of a VPN is a red flag.
It seems logical to assume that anything free on the Internet comes with a catch. Free VPNs come with with a special extra. Tech Radar explores free VPNs in, “Four Ways That A Free VPN Can Profit From Its Users.”
Paid VPNs manage to stay on top of their game by having their users pay a monthly subscription fee. Free VPNS do offer comparable services, but in order to do that they have to make money somehow. There are four ways free VPNs can make a profit from their users. The first one is called a “gateway” VPN, because it is a free trial or tier associated with a paid VPN The hope is that the trial users will become monthly subscribers when they discover the free version’s limitations, such as low bandwidth.
Another alternative involves free VPN selling information about your Internet habits. This information would usually be collected by ISPs, but the VPN blocks them. ISPs sell the information to the highest bidder, but the VPNs do that instead. Free VPNs can also share and reroute bandwidth amongst its various users:
“Yet with one free VPN provider, HolaVPN, this is exactly what happened. HolaVPN doesn’t have its own network of servers, but effectively crowd sources, with everyone using the service providing them bandwidth – not only for the free HolaVPN offering, but also for a related paid product known as Luminati. In addition, your device could become the exit node for another user’s activity, making you potentially liable for their actions.”
Then there is the tried and true method of selling advertising on the VPN network, including targeted ads. The VPN might block the ISPs from collection information, but the VPN collects it and makes a profit from the user’s information.
Yep, free.
Whitney Grace, April 10, 2019
Google: Forgetting or Selective Remembering?
March 27, 2019
Google created many useful and brilliant projects from its trademark search to Gmail and its free office suite. Google also has its share of failures, most notably Google+ and now the admission that they “forgot” about a microphone in its Nest Secure security system. BGR reports that, “Congress Wants Google To Explain How It Forgot About The Nest Secure Microphone.”
Google says they entirely “forgot” about a microphone inside their Nest Secure security system. Smart home security systems, such as the Nest Secure, are popular among homeowners, because it allows them to monitor their homes remotely, maintain a constant camera feed, and more. Smart security systems are supposed to protect individuals and their privacy, but some US senators are concerned about citizens’ privacy and Google’s “forgotten” microphone.
Senators and their constituents are worried that large tech companies are taking advantage of their end users and are not being transparent. Google maintains its commitment to transparency and its chief privacy officer said so during a Us Senate Committee hearing. Google will respond further to the issue in mid to late March 2019 with answers about the Nest Secure’s technical specifications, how they communicated with consumers, and what stage it was forgotten.
Google is taking the full blame:
“As we mentioned last week, Google has already released a pretty bare-bones mea culpa about this, sharing a statement with Business Insider that says the mike was never meant to be a secret and should have been included in the tech specs. ‘That was an error on our part.’ The company went on to explain that ‘the microphone has never been on and is only activated when users specifically enable the option.’ The long and short of this is that if you bought Nest’s $500 home security system, which is only a year old, you’re just now learning that you’ve inadvertently had a microphone in your home for a year or more that you didn’t know was there. The ball is now in Google’s court to respond to the questions raised in the Senators’ letter…”
Perhaps someone at Google should read Surveillance Capitalism. No, forget that.
Whitney Grace, March 27, 2019
First, Encryption, Now DNA: Annoying, Marketing, or Taunting?
March 14, 2019
I read “Home DNA-Testing Firm Will Let Users Block FBI Access to Their Data.” I came away asking myself, “Is this outfit just annoying government authorities or taunting them? Or, maybe the company wants to look good from a PR point of view?”
Australia introduced regulations which require that companies doing business in the country cooperated with law enforcement when it comes to accessing data on encrypted services. That initiative is likely to be watched closely by those in the Five Eyes. In fact, DarkCyber thinks that the Australian move is a trial balloon. Decryption is a contentious issues, and Facebook has suggested that it will embrace privacy. Some in the enforcement sector rely on Facebook data, and if those data become unreadable, that will spark some discussion. The key point is that Australia took regulatory action.
When the no DNA for the FBI story crossed my desk, I thought about the implications. China has addressed the DNA sampling issue directly. In once geographic area, people have to show up and provide a sample. Fail to cooperate? That action will not generate positive points on the individual’s social credit score.
DNA information is available or obtainable. I want to add “in one way or another.”
The issue is control and access. The use of DNA data is fairly straightforward. DNA may answer the question, “Whom should be investigate?”
The write up states:
The combination of genetic data from home DNA-testing kits and family tree databases has allowed individuals to find relatives by matching DNA, but has also opened a new way for police to solve crimes. Police used the technique last year to identify the man thought to be behind a series of murders in California during the 1970s.
But the company was cooperating. Now a “procedure” must be followed.
Mixed signals, push back, a concern for customer privacy, or PR? The more interesting question is, “Is the company poking pointy sticks into the backs of government authorities.” Will compliance regulations emerge from one of the Five Eyes?
Stephen E Arnold, March 14, 2019
Dark Web Directory: Updates Needed
February 22, 2019
If the Internet were an ocean, the Dark Web is a very shallow tide pool. While the Dark Web is shallow, we do not recommend diving in because you can still break your neck. The Dark Web has a limited number of Web sites listed on it, all of them using the .onion extension.
These Web sites are accessible using the Tor browser and you do not use a search engine to find them. Instead you rely on social media Web sites, such as reddit, forums, or the Dark Web News. The Dark Web News has the “Dark Web & Deep Web Market List With Up & Down Daily Updated Market Status.”
The market listing is described as “Are you wondering how to find deep net markets? Well, look no further! We have compiled a list of active hidden marketplaces available on the deep web.” It is followed by a guide on how to access the Dark Web, download the Tor browser, etc.
What is striking is the amount of warnings about losing your anonymity. The market listing states, no shouts, that a smart Dark Web user uses not only the Tor browser, but also has a VPN to encrypt their data.
After the anonymity warnings, there are the Dark Web market listings. Each market site is reviewed, given a small description, and its status is shared. The listings are very useful and help track the type of market you are searching for. The only downside is that it lists Silk Road and a few other places as still “open.” Methinks that the Dark Web market listing needs an update. Also they give another good warning: “Do your research before using any hidden marketplace. Reddit is a good place to start.”
The problem is that the Dark Web is not zipping along as it once was. The buying and selling action has shifted to online chat and closed discussion groups. As the Dark Web shrinks, maintaining a listing should be easier too.
Whitney Grace, February 22, 2019
Japan: A Security Clamp
February 4, 2019
We are used to Olympic athletes pushing the limit of human accomplishment, but authorities in Japan are going even further. In preparation for the 2020 Olympics, the National Institute of Information and Communication Technology has gained permission to hack into citizens’ IOT devices in order to prevent terror attacks. We learned more from a recent ZDnet story, “Japanese Government Plans to Hack into Citizens’ IOT Devices.”
According to the story:
“The plan is to compile a list of insecure devices that use default and easy-to-guess passwords and pass it on to authorities and the relevant internet service providers, so they can take measures to alert consumers and secure the devices…The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras.”
From home security systems, to coffee pots, to doorbell cameras—these IOT tools are very vulnerable. While it’s promising to see an intelligence agency getting out ahead of a potential issue, the path to safety is fraught with potential problems. Would such a leap in privacy be acceptable in the US? We find it impossible to believe, but it’ll be interesting to see how Japan juggles this issue.
Patrick Roland, February 4, 2019
-
- Subscribe to Beyond Search
Feature archive
News archive
-
