With Time and Money You May Be Able to Scrub That Web Content about You

January 25, 2022

What is posted on the Internet stays in the digital ether forever, but occasionally content can be deleted, though only with a lot of work. AIM explains how your Internet breadcrumbs can be deleted in the article, “Online Tools That Help You Remove Your Digital Footprint.” A person’s contact information and interests are the lifeblood of growing businesses. According to the privacy start-up Mine, a survey of 30,000 of its users found that a user’s email was in 350 companies’ databases.

That sounds like a startling statistic, but emails are shared like people used to share cigarettes. Also, mailing houses and phonebooks used to list and sell the same information. Back in analog paper days, people did not have GPSs strapped to their bodies at all times, so it is alarming that we can be tracked at all times and everything we do is recorded. There are ways to combat data collection, such as using privacy browsers like Brave, Firefox, and Duck Duck Go:

“Firefox is a great alternative for web browsing for privacy with its ‘Enhanced Tracking Protection’ that automatically blocks online trackers. Similarly, Duck Duck Go does not track user activity and open tabs and your browsing history can be deleted with a tap. These also include a signal ‘Global Privacy Control’ that sends your “do not sell” preference directly to websites you visit.”

There are also data deletion services. Users can backtrack and ask companies to delete all of their personal data, but it is a tedious task. Instead there are companies users can hire to delete all their personal information. It is like those services that you can hire to remove you from physical junk mail lists.

It makes sense that startups would spring up that specialize in deleting personal information. The idea is genius for a niche market in cyber security, and some of the companies are: Delete Me, Mine, Data Privacy Manager, Ontrack, Rightly, and Privacy bot.

The bigger question is do these companies actually provide decent services or are they a bait and switch? Our take? Parts of Internet indexes are like lice in a college dorm.

Whitney Grace, January 25, 2022

Apple: The Privacy Outfit

January 14, 2022

I have avoided writing about Apple’s handy dandy stalker gadgets. Those are some super special privacy centric gizmos, aren’t they? I will, however, point anyone with an interest in Apple’s privacy approach to “Your iPhone Can Secretly Listen to Conversations with AirPods — Here’s How.” Good actors and bad actors may get some surveillance ideas. The article says:

Apple’s Live Listen feature lets you hear someone speaking around 50 feet away.

That’s handy, isn’t it?

Allegedly the system works with AirPods, AirPods Pro, AirPods Max, Powerbeats Pro or Beats Fit Pro.

For the how to, absorb the information in the article, which includes illustrative screen shots. Yep, Apple is definitely into profits, ooops, I meant privacy.

Stephen E Arnold, January 14, 2022

Interesting Dating App Not Publicly Loved by the EU

January 13, 2022

Anyone wishing to keep up with decisions regarding the EU’s General Data Protection Regulation (GDPR) can turn to the GDPRhub wiki. Unfortunately, articles posted there are not always the easiest to read, especially after being machine-translated from one language to another. We slogged through the tortured prose in Norway authority Datatilsynet’s article 20/02136-18 regarding a recent fine imposed upon Grindr. The introductory summary states:

“In January 2020, the Norwegian DPA received 3 complaints against Grindr from the Norwegian Consumer Council (NCC) in collaboration with noyb [European Center for Digital Rights] regarding the sharing of data between the Grindr app and advertising partners MoPub, Xandr, OpenX Software, Ad Colony and Smaato. The complaint was based on the report ‘out of control’ prepared by the company mnemonic, and commissioned by the NCC. The NCC’s inquiry showed that Grindr shared certain categories of personal data to several advertising partners, including advertising ID, IP address, GPS, location, gender, age, device information and app name. The data was shared through software development kits (SDKs).”

The rest of the post outlines the technical details about the case, including issues of jurisdiction, guideline violations, and assessment of the 65,000,000 NOK ($7,345,000) fine. The key issue is Grindr’s user agreement, which did not give users enough control over their personal data to meet GDPR requirements. See the article for an extensive discussion of that reasoning. Basically, it looks like Grindr just did what it wanted and assumed it could beg for forgiveness. It was sadly mistaken. Let this be a lesson to other companies looking to distribute their apps in Europe. Fines that Google, Facebook, and Amazon weather as a matter of course could break smaller outfits.

Cynthia Murrell, January 11, 2021

DarkCyber for November 30, 2021: Sean Brizendine, SecureX

November 30, 2021

This DarkCyber program features an interview with Sean Brizendine. He is one of the founders of SecureX, where he serves as the director of Blockchain technology. The interview covers:

  • SecureX’s secret sauce in the crypto currency and services market
  • How open source software fits into the company’s technology portfolio
  • How the products and services further the capabilities of Web 3.0, distributed computing, and enhanced online security.

Mr. Brizendine is a Certified IIB Council Blockchain Professional & EC Council Online University Lecturer covering Blockchain in their Cyber Talk Webinar Series.

You can view the 11 minute interview on YouTube at this link.

Kenny Toth, November 30, 2021

An Example of Modern Moral Responsibility Avoidance

November 22, 2021

Virtual Private Networks (VPNs) are supposed to be one of the Surfside condo’s garage pillars of network security. In reality, however, it all depends on the VPN provider. We learn about one cryptic hack from Tech.co’s piece, “Researchers Uncover Mystery Data Breach of 300 Million VPN Records.” Writer Jack Turner explains:

“Security firm Comparitech claims to have discovered an exposed database in early October, which held over 100GB of data and 300 million records, in various forms. Within the data that was compromised were 45 million user records that included email addresses, encrypted passwords, full name and username; 281 million user device records including IP address, county code, device and user ID; and 6 million purchase records including the product purchased and receipts. All in all, it represents a motherlode of data that could conceivably be used for nefarious purposes, including phishing campaigns, should it fall into the wrong hands. While the database was closed within a week of Comparitech discovering it, the data it contained has apparently been made public.”

Not good. But what makes this case so mysterious? The VPN provider ActMobile Networks, which operates a number of VPN brands, denies even maintaining any databases. However, we learn:

“According to Comparitech, if the data didn’t come from ActMobile, it came from someone trying very hard to impersonate them. The SSL certificate of the compromised server shows it belonging to actmobile.com, the WHOIS record for the IP address where the data was located is listed as being owned by ActMobile Networks, and the database held several references to ActMobile’s VPN brands.”

Hmm. Turner emphasizes it is important to choose a VPN that indeed does not maintain logs, though they may cost a little more. See the article for Tech.co’s top nine recommendations.

And moral responsibility. Hey, these are zeros and ones, not fuzzy stuff.

Cynthia Murrell November 22, 2021

Veraset: Another Data Event

November 22, 2021

Here is a good example of how personal data, in this case tracking data, can be used without one’s knowledge. In its article “Files: Phone Data Shared” the Arkansas Democrat Gazette reports that data broker Veraset provided phone location data to the US Department of Health last year as part of a free trial. The transaction was discovered by digital-rights group Electronic Frontier Foundation. The firm marketed the data as valuable for COVID research, but after the trial period was up the agency declined to move forward with a partnership. The data was purportedly stripped of names and other personal details and the researchers found no evidence it was misused. However, Washington Post reporter Drew Harwell writes:

“[Foundation technologist Bennett Cyphers] noted that Veraset’s location data includes sequences of code, known as ‘advertising identifiers,’ that can be used to pinpoint individual phones. Researchers have also shown that such data can be easily ‘de-anonymized’ and linked to a specific person. Apple and Google announced changes earlier this year that would allow people to block their ID numbers from being used for tracking. Veraset and other data brokers have worked to improve their public image and squash privacy concerns by sharing their records with public health agencies, researchers and news organizations.”

Amidst a pandemic, that tactic just might work. How do data brokers get this information in the first place? We learn:

“Data brokers pay software developers to include snippets of code in their apps that then sent a user’s location data back to the company. Some companies have folded their code into games and weather apps, but Veraset does not say which apps it works with. Critics have questioned whether users are aware that their data is being shared in such a way. The company is a spinoff of the location-data firm SafeGraph, which Google banned earlier this year as part of an effort to restrict covert location tracking.”

Wow, banned by Google—that is saying something. Harwell reports SafeGraph shared data with the CDC during the first few weeks of the pandemic. The agency used that data to track how many people were staying home for its COVID Data Tracker.

App users, often unwittingly, agree to data sharing in those opaque user agreements most of us do not read. The alternative, of course, is to deprive oneself of technology that is increasingly necessary to operate in today’s world. It is almost as if that were by design.

Cynthia Murrell November 22, 2021

The Boss of the DoubleClick Outfit Offers Some Advice

October 19, 2021

I read “Alphabet CEO Sundar Pichai Calls for Federal Tech Regulation, Investments in Cybersecurity.” What did the owner of DoubleClick talk about?

That’s easy. Big things like quantum computing, which is unlikely to arrive on the Google phone any time soon. And regulation. You know, the rules of the road which the DoubleClick outfit follows like a super slick Waymo vehicle which rarely drives into a dead end or creates a thrill or two for those spotting one in a bus lane. Plus cybersecurity. Right. That’s why the DoubleClick outfit apparently alerted some Gmail users that a mere nation state or two or three were interested in their missives.

The write up reports that the boss of the DoubleClick systems and methods stated in an interview at a high class technology event:

Pichai additionally tied consumer privacy to security, even noting that “one of the biggest risks to privacy is the data getting compromised” — an interesting statement coming only days after Amazon, a top Google rival, saw its game streaming site Twitch hacked. As for where to draw the line in regulating tech, Pichai said the law shouldn’t encroach on the open internet.

Yep, DoubleClick’s owner did not mention online advertising as originally crafted by pay-to-play innovator Yahoo. Right? Yahoo, the pre IPO settlement, and the GoTo.com/Overture business.

Nope, DoubleClick’s owner did not talk about online advertising and how that money machine has shaped Alphabet Google into the sleek, trustworthy, reliable, and Timnit Gebru-sensitive outfit it is today.

Minor omission. Understandable from the owner of the DoubleClick technology.

Following rules is the name of the game. The question is, “What rules is Alphabet Google following?”

Why new ones are important to the company is not particularly clear to me. But I just sit in my computer lab in rural Kentucky and marvel at how the owner of the DoubleClick technology can be so darned sincere and earnest.

As Oscar Wilde observed in the Importance of Being Earnest:

The truth is rarely pure and never simple.

That’s why it is challenging to delete old email on the Gmail system, why Android is a busy beaver in the transfer data stream, and why the Importance of Being Earnest is relevant to the mom-and-pop online advertising company and, of course, to quantum computing.

Stephen E Arnold, October 19, 2021

Human Editors and Subject Matter Experts? Dinosaurs but Just from a Previous Era

October 15, 2021

I read “Bugs in our Pockets: The Risks of Client-Side Scanning.” The embargo is amusing, and it underscores the issues related to confidential information and the notion that information wants to be free. Amusing, maybe not?

The write up looks a bit like a paper destined for a pay-to-play publisher or an outfit which cultivates a cabal-like approach to publishing. (Hello, ACM?) The paper includes 13 authors, and I suppose the idea is to convey consensus or a lead author who wishes to keep his or her head below the concrete bunker in order to avoid direct hits from those who don’t agree with the write up.

I neither agree nor disagree. I interpreted the write up as:

  • A clever bit of SEO, particularly the embargo and the availability of the paper to certain saucy online information services
  • A way to present some entities, although with the titles and email contacts favored by some link hunters
  • A technical bit of push back for assorted government mumbling about privacy, security, and another assault on personal freedoms.

Yep, the sky is falling.

Please, read the paper. One business executive allegedly said, “There is no return to normal. Today’s environment is the new normal.”

Is it possible this paper triggers Apple TV or YouTube to cue the 1973 hit “The Way We Were”?

Stephen E Arnold, October 15, 2021

99 Percent Accurate: Close Enough for PR Output

August 24, 2021

I am not entering a horse in this race, a dog in this fight, or a pigeon in this race. I want to point to a write up in a newspaper in some way very tenuously connected to the former driver of the Bezos bulldozer. That write up is “Opinion: Apple’s New Child Safety Tool Comes with Privacy Trade-Offs — Just Like All the Others.”

Right off the bat I noted the word “all.” Okay, categorical affirmatives put my teeth on edge the same way Miss Blackburn’s fingernails scraping on the blackboard in calculus class did. “All”. Very tidy.

The write up contains an interesting statement or two. I circled this one in Bezos bulldozer orange:

The practice of on-device flagging may sound unusually violative. Yet Apple has a strong argument that it’s actually more protective of privacy than the industry standard. The company will learn about the existence of CSAM only when the quantity of matches hits a certain threshold, indicating a collection.

The operative word is threshold. Like “all”, threshold sparks a few questions in my mind. Does it in yours? Let me provide a hint: Who or what sets a threshold? And under what conditions is a threshold changed? There are others, but I want to make this post readable to my TikTok-like readers.

I liked the conundrum angle too:

The benefit of nabbing abusers in this case may outweigh these hypothetical harms, especially if Apple holds itself to account — and the public keeps on the pressure. Yet the company’s conundrum emphasizes an unpleasant truth: Doing something to protect public safety in the Internet age is better than doing nothing — yet every “something” introduces issues of its own.

Fascinating. I am curious how Apple PR and marketing will respond. Hopefully with fewer unsupported assertions, info about thresholds, and the logician’s bane: A categorical affirmative.

Stephen E Arnold, August 24, 2021

Does Google Play Protect and Serve—Ads?

August 20, 2021

We hope, gentle reader, that you have not relied on the built-in Google Play Protect to safeguard your Android devices when downloading content from the Play store. MakeUseOf cites a recent report from AV-Test in, “Report: Google Play Protect Sucks at Detecting Malware.” Writer Gavin Phillips summarizes:

“With a maximum of 18 points on offer across the three test sections of Protection, Performance, and Usability, Google Play Protect picked up just 6.0—a full ten points behind the next option, Ikarus. AV-TEST pits each of the antivirus tools against more than 20,000 malicious apps. In the endurance test running from January to June 2021, there were three rounds of testing. Each test involved 3,000 newly discovered malware samples in a real-time test, along with a reference set of malicious apps using malware samples in circulation for around four weeks. Google Play Protect detected 68.8 percent of the real-time malware samples and 76.7 percent of the reference malware samples. In addition, AV-TEST installs around 10,000 harmless apps from the Play Store on each device, aiming to detect any false positives. Again, Google’s Play Protect came bottom of the pile, marking 70 harmless apps as malware.”

A chart listing the test’s results for each security solution can be found in the writeup or the report itself. More than half received the full 18 points while the rest fall between 16 and 17.8 points. Except for Google—its measly 6 points really set it apart as the worst option by far. Since Google “Protect” is the default security option for Android app downloads, this is great news for bad actors. The rest of us would do well to study the top half of that list. iOS users excepted.

Based in Magdeburg, Germany, research institute AV-Test pits the world’s cyber security solutions against its large collection of digital malware samples and makes results available to private users for free. The firm makes its money on consulting for companies and government institutions. AV-Test was founded in 2004 and was just acquired by Ufenau Capital Partners in February of this year.

Cynthia Murrell, August 20, 2021
