• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Google: Visits to Paris Likely to Increase

In the unlikely publication for me, Adweek published an interesting story: “French Sites Ordered to Stop Using Google Analytics Is Just the Beginning.” That title seems ominous. The election excitement is building, but the actions of Commission  Nationale de l’informatique et des Libertés is likely to grind forward regardless of who wins what. The Adweek write up states:

…the French data watchdog—Commission Nationale de l’informatique et des libertés (CNIL)—ordered three French websites to stop using audience analytics site Google Analytics, deeming the site to be illegal under the General Data Protection Regulation.

The article adds:

This means that companies based in Europe using Google Analytics—which reads cookies that are dropped on peoples’ browsers when they visit a site to gauge whether they are a new or returning user—were shipping people’s personal information to the U.S.

Are Google Analytics a problem for CNIL? Probably not for the agency, but the CNIL seems poised to become a bit of a sticky wicket for Googzilla. After years of casual hand slapping, an era of RBF (really big fines) may be beginning. Google executives might find that CNIL can make a call to a fancy Parisian hotel and suggest that the Googlers be given rooms with a less salubrious location, tired decorations, and questionable plumbing. Mais oui! C’est domage.

On a positive note, Google is taking action itself. Privacy, security, fraud — well, sort of. “Google Sues Scammer for Puppy Fraud” reports:

The complaint … accuses Nche Noel of Cameroon of using a network of fake websites, Google Voice phone numbers, and Gmail accounts to pretend to sell purebred basset hound puppies to people online.

And the conduit for these alleged untoward actions? Google. Now how did Google’s smart software overlook fake websites, issue Google Voice numbers, and permit Gmail accounts used for the alleged bad puppy things? Nope. AARP connected with Googzilla. Yeah, smart software? Nope.

Stephen E Arnold, April 22, 2022

Tim Apple and Unintended Consequences: AirPods?

Apple in my opinion emphasizes privacy. (How about the iPhone and the alleged NSO Group Pegasus functionality?) “Ukrainians Are Tracking the Movement of Russian Troops Thanks to One Occupier Looter with AirPods.” I am not sure if the write up is accurate. The source says “truth.” But…

The tracking thing is interesting; for example, Phone home malware on an iPhone, an AirTag hidden on a Russian T-14 Armata, or AirPods. Head phones? Yep.

The cited article reports:

A Russian soldier stole [a Ukrainian’s] AirPods (wireless headphones) when looting [the Ukrainian’s] apartment while Russian occupying forces were in Gostomel. Russian soldiers withdrew, but thanks to the technology on Apple devices, Ukrainians can keep track of where their headphones are. Find My technology on Apple devices lets you find the location of a lost device on the map if it’s near Bluetooth smartphones or connected to Wi-Fi.

What can one do with the help geo-location functions? One idea is to use the coordinates as a target for a semi-smart missile. (This is not a criticism of smart software. It is part of the close enough for horseshoes methods which can often deliver the payload somewhere unintended.)

Now about that Tim Apple privacy thing? Pravda or falsehood?

Stephen E Arnold, April 19, 2022

Does Apple Have a High School Management Precept: We Are Entitled Because We Are Smarter Than You

The story “Ex-Apple Employee Takes Face ID Privacy Complaint to Europe” contains information about an Apple employee’s complaint to the “privacy watchdogs outside the US.” I have no insight into the accuracy or pervasiveness of Apple’s alleged abuses of privacy. The write up states:

Gjøvik [the former Apple employee blowing the privacy horn] urges the regulators to “investigate the matters I raised and open a larger investigation into these topics within Apple’s corporate offices globally”, further alleging: “Apple claims that human rights do not differ based on geographic location, yet Apple also admits that French and German governments would never allow it to do what it is doing in Cupertino, California and elsewhere.”

What I find interesting is that employees who go to work for a company with trade secrets is uncomfortable with practices designed to maintain secrecy. When I went to work for a nuclear engineering company, I understood what the products of the firm could do. Did I protest the risks some of those products might pose? Nope. I took the money and talked about computers and youth soccer.

Employees who sign secrecy agreements (the Snowden approach) and then ignore them baffle me. I think I understand discomfort with some procedures within a commercial enterprise. A new employee often does not know how to listen or read between the lines of the official documents. My view is that an employee who finds an organization a bad fit should quit. The litigation benefits attorneys. I am not confident that the rulings will significantly alter how some companies operate. The ethos of an organization can persist even as the staff turns over and the managerial wizards go through the revolving doors.

As the complaint winds along, the legal eagles will benefit. Disenchanted employees? Perhaps not too much. The article makes clear that when high school science club management precepts are operational, some of the managers’ actions manifest hubris and a sense of entitlement. These are admirable qualities for a clever 16 year old. For a company which is altering the social fabric of societies, those high school concepts draw attention to what may be a serious flaw. Should companies operate without meaningful consequences for their systems and methods? Sure. Why not?

Stephen E Arnold, April 19, 2022

Google and Tracking Magic

Tracking user locations is baked in to Google’s apps, and that is unlikely to change as long as tracking data (“anonymized,” we are repeatedly assured) remains a valuable source of revenue. CNet considers, “Can You Really Stop Google from Tracking You? Here’s What We Know.” The short answer—you can try. Reporter Kelsey Fogarty writes:

“If you use Google’s apps on your iPhone or Android phone, it’s a good possibility you’re being tracked. And turning off your location history in your Google account doesn’t mean you’re in the clear. Disabling that setting may seem like a one-and-done solution, but some Google apps are still storing your location data. Simply opening the Google Maps app or using Google search on any platform logs your approximate location with a time stamp. In the latest lawsuits against the giant search engine company, Google has been sued by several states due to its use of location data. They allege Google makes it ‘nearly impossible’ for people to prevent their location from being tracked. After a 2018 investigation by the Associated Press, Google added features to make it easier to control what location and other data is saved, and what is deleted with features like Your Data in Maps and Search, which give you quick access to your location controls. However, DC Attorney General Karl Racine said, ‘Google falsely led consumers to believe that changing their account and device settings would allow customers to protect their privacy and control what personal data the company could access.’ Google has since defended itself.”

Of course it has. The company points to several measures one can take to “turn off” tracking, insisting control is in the hands of users. However, the write-up hints, there is no guarantee they will actually work. See the article for these methods—they may at least improve one’s odds. Or not. Google does promise one thing: users who turn off tracking will receive a less personalized experience, meaning less relevant ads and less helpful local search. Who needs privacy when one must have the name and number of the closest tapas joint.

Cynthia Murrell, February 4, 2022

With Time and Money You May Be Able to Scrub That Web Content about You

What is posted on he Internet stays in the digital ether forever, but occasionally content can be deleted but only with a lot of work. AIM explains how your Internet breadcrumbs can be deleted in the article, “Online Tools That Help You Remove Your Digital Footprint.” A person’s contact information and interests is the lifeblood of growing businesses. According to the Mine privacy start-up after they surveyed 30,000 of its users, it was discovered that a user’s email was in 350 companies databases.

That sounds like a startling statistic, but emails are shared like people used to share cigarettes. Also mailing houses and phonebooks used to list and sell the same information. Back in analog paper days, people did not have GPSs strapped to their bodies at all times so it is alarming that we can be tracked at all times and everything we do is recorded. There are ways to combat data collection, such as using privacy browsers like Brace, Firefox, and Duck Duck Go:

“Firefox is a great alternative for web browsing for privacy with its ‘Enhanced Tracking Protection’ that automatically blocks online trackers. Similarly, Duck Duck Go does not track user activity and open tabs and your browsing history can be deleted with a tap. These also include a signal ‘Global Privacy Control’ that sends your “do not sell” preference directly to websites you visit.”

There are also data deletion services. Users can backtrack and ask companies to delete all of their personal data, but it is a tedious task. Instead there are companies users can hire to delete all their personal information. It is like those services that you can hire to remove you from physical junk mail lists.

It makes sense that startups would spring up that specialize in deleting personal information. The idea is genius for niche market in cyber security and some of the companies are: Delete Me, Mine, Data Privacy Manager, Ontrack, Rightly, and Privacy bot.

The bigger question is do these companies actually provide decent services or are they a bait and switch? Our take? Parts of Internet indexes are like lice in a college dorm.

Whitney Grace, January 25, 2022

Apple: The Privacy Outfit

I have avoided writing about Apple’s handy dandy stalker gadgets. Those are some super special privacy centric gizmos, aren’t they? I will, however, point anyone with an interest in Apple’s privacy approach to “Your iPhone Can Secretly Listen to Conversations with AirPods — Here’s How.” Good actors and bad actors may get some surveillance ideas. The article says:

Apple’s Live Listen feature lets you hear someone speaking around 50 feet away.

That’s handy, isn’t it?

Allegedly the system works with AirPods, AirPods Pro, AirPods Max, Powerbeats Pro or Beats Fit Pro.

For the how to, absorb the information in the article, which includes illustrative screen shots. Yep, Apple is definitely into profits, ooops, I meant privacy.

Stephen E Arnold, January 14, 2022

Interesting Dating App Not Publicly Loved by the EU

Anyone wishing to keep up with decisions regarding the EU’s General Data Protection Regulation (GDPR) can turn to the GDPRhub wiki. Unfortunately, articles posted there are not always the easiest to read, especially after being machine-translated from one language to another. We slogged through the tortured prose in Norway authority Datatilsynet’s article 20/02136-18 regarding a recent fine imposed upon Grindr. The introductory summary states:

“In January 2020, the Norwegian DPA received 3 complaints against Grindr from the Norwegian Consumer Council (NCC) in collaboration with noyb [European Center for Digital Rights] regarding the sharing of data between the Grindr app and advertising partners MoPub, Xandr, OpenX Software, Ad Colony and Smaato. The complaint was based on the report ‘out of control’ prepared by the company mnemonic, and commissioned by the NCC. The NCC’s inquiry showed that Grindr shared certain categories of personal data to several advertising partners, including advertising ID, IP address, GPS, location, gender, age, device information and app name. The data was shared through software development kits (SDKs).”

The rest of the post outlines the technical details about the case, including issues of jurisdiction, guideline violations, and assessment of the 65,000,000 NOK ($7,345,000) fine. The key issue is Grindr’s user agreement, which did not give users enough control over their personal data to meet GDPR requirements. See the article for an extensive discussion of that reasoning. Basically, it looks like Grindr just did what it wanted and assumed it could beg for forgiveness. It was sadly mistaken. Let this be a lesson to other companies looking to distribute their apps in Europe. Fines that Google, Facebook, and Amazon weather as a matter of course could break smaller outfits.

Cynthia Murrell, January 11, 2021

DarkCyber for November 30, 2021: Sean Brizendine, SecureX

This DarkCyber program features an interview with Sean Brizendine. He is one of the founders of SecureX, where he serves as the director of Blockchain technology. The interview covers:

• SecureX’s secret sauce in the crypto currency and services market
• How open source software fits into the company’s technology portfolio
• How the products and services further the capabilities of Web 3.0, distributed computing, and enhanced online security.

Mr. Brizendine is a certified Certified IIB Council Blockchain Professional & EC Council Online University Lecturer covering Blockchain in their Cyber Talk Webinar Series.

You can view the 11 minute interview on YouTube at this link.

Kenny Toth, November 30, 2021

An Example of Modern Moral Responsibility Avoidance

Virtual Private Networks (VPNs) are supposed to be one of the  Surfside condo’s garage pillars of network security. In reality, however, it all depends on the VPN provider. We learn about one cryptic hack from Tech.co’s piece, “Researchers Uncover Mystery Data Breach of 300 Million VPN Records.” Writer Jack Turner explains:

“Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms. Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts. All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands. While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.”

Not good. But what makes this case so mysterious? The VPN provider ActMobile Networks, which operates a number of VPN brands, denies even maintaining any databases. However, we learn:

“According to Comparitech, if the data didn’t come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile’s VPN brands.”

Hmm. Turner emphasizes it is important to choose a VPN that indeed does not maintain logs, though they may cost a little more. See the article for Tech.co’s top nine recommendations.

And moral responsibility. Hey, these are zeros and ones, not fuzzy stuff.

Cynthia Murrell November 22, 2021

Veraset: Another Data Event

Here is a good example of how personal data, in this case tracking data, can be used without one’s knowledge. In its article “Files: Phone Data Shared” the Arkansas Democrat Gazette reports that data broker Veraset provided phone location data to the US Department of Health last year as part of a free trial. The transaction was discovered by digital-rights group Electronic Frontier Foundation. The firm marketed the data as valuable for COVID research, but after the trial period was up the agency declined to move forward with a partnership. The data was purportedly stripped of names and other personal details and the researchers found no evidence it was misused. However, Washington Post reporter Drew Harwell writes:

“[Foundation technologist Bennett Cyphers] noted that Veraset’s location data includes sequences of code, known as ‘advertising identifiers,’ that can be used to pinpoint individual phones. Researchers have also shown that such data can be easily ‘de-anonymized’ and linked to a specific person. Apple and Google announced changes earlier this year that would allow people to block their ID numbers from being used for tracking. Veraset and other data brokers have worked to improve their public image and squash privacy concerns by sharing their records with public health agencies, researchers and news organizations.”

Amidst a pandemic, that tactic just might work. How do data brokers get this information in the first place? We learn:

“Data brokers pay software developers to include snippets of code in their apps that then sent a user’s location data back to the company. Some companies have folded their code into games and weather apps, but Veraset does not say which apps it works with. Critics have questioned whether users are aware that their data is being shared in such a way. The company is a spinoff of the location-data firm SafeGraph, which Google banned earlier this year as part of an effort to restrict covert location tracking.”

Wow, banned by Google—that is saying something. Harwell reports SafeGraph shared data with the CDC during the first few weeks of the pandemic. The agency used that data to track how many people were staying home for its COVID Data Tracker.

App users, often unwittingly, agree to data sharing in those opaque user agreements most of us do not read. The alternative, of course, is to deprive oneself of technology that is increasingly necessary to operate in today’s world. It is almost as if that were by design.

Cynthia Murrell November 22, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • FOGINT: Security Tools Over Promise & Under Deliver
  • More Googley Human Resource Goodness
  • Point-and-Click Coding: An eGame Boom Booster
  • China Smart, US Dumb: LLMs Bad, MoEs Good
  • Management Brilliance Microsoft Suggests to Customers, “You Did It!”

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org