Showing results for tags 'data'.

  1. Lately, I've been observing that some process is using my bandwidth continuously even if I'm not running any app related to network usage. I also have all system processes like Windows Update and the live tiles turned off. But the moment I connect my dial up connection and do nothing, the data counter starts ticking continuously and never stops leading my costly bandwidth to drain out. Then I'm advised to use TCPView and using that I've found the culprit out and it's a svchost process. Below is the screenshot. Turning that off, it disconnects the network connection. I wanna know if there is anything to get rid of the situation.
  2. BT, Virgin Media, Sky and TalkTalk have been quizzed over how they gather and store customers' data in light of a recent EU ruling declaring such practices unlawful. On Tuesday the Court of Justice of the European Union (CJEU) ruled that the Data Retention Directive, which requires internet service providers (ISPs) to retain “traffic and location data” for at least two years, was unlawful. Privacy campaigners in Austria and human rights advocacy group Digital Rights Ireland had challenged the Directive by arguing it abused individuals' rights to privacy. The cases were referred to the CJEU. In its ruling the CJEU said that, despite being introduced for national security purposes, the requirements “may provide very precise information on the private lives of the persons whose data are retained” such as where they live, social relationships and daily activities. As such it said they were incompatible with wider EU law. “The Court takes the view that, by requiring the retention of those data and by allowing the competent national authorities to access those data, the directive interferes in a particularly serious manner with the fundamental rights to respect for private life and to the protection of personal data,” it said. The decision does not mean the law has changed immediately, but member states will be required to ensure their legislation comes into line with the judgment. "National legislation needs to be amended only with regard to aspects that become contrary to EU law after a judgment by the European Court of Justice," the European Commission explained. In light of this fact, industry body the Internet Service Providers Association (ISPA) has called on the government to outline its response to the decision. “The CJEU ruling has the potential for major changes to the data-retention regime, however we believe that for the time being that obligations remain in place," said Nicholas Lansman, ISPA secretary general.
"It is crucial that the European Commission and Home Office provide guidance and clarity to industry." In response, the Home Office made a statement saying the department was reviewing the judgment and added that it believes the law is a vital part of national security. "The retention of communications data is absolutely fundamental to ensure law enforcement have the powers they need to investigate crime, protect the public and ensure national security.”

     Pressure on ISPs

     Nevertheless, the UK's biggest ISPs – BT, Virgin Media, Sky and TalkTalk – are already being asked how they intend to abide by the ruling, with the Open Rights Group (ORG) writing a letter asking how they will ensure they are not collecting data any more. "These regulations no longer have a valid basis in UK law. It is our understanding that ISPs therefore should not be retaining user data unless there is some other legal basis for doing so,” wrote ORG executive director Jim Killock. He asked the firms to clarify that they are not abiding by the Data Retention Directive any more, as well as what data they are still collecting for their own purposes, why they are doing so, and for how long the data is stored. V3 contacted BT, Sky and TalkTalk for response to the judgment but no response had been received at the time of publication. Gareth Mead, a spokesperson for Virgin Media, said: "We are seeking clarification on what this means for us under UK law." Killock from the ORG told V3 that TalkTalk confirmed to him that they have written to the government to ask for their position, but have not changed their setup as yet.

     PRISM backlash

     The judgement by the CJEU comes amid ongoing revelations into the spying carried out by agencies such as the UK Government Communications Headquarters (GCHQ) and the US National Security Agency (NSA).
The professor of EU and Human Rights Law at the University of Essex Steve Peers wrote in a blog post on the ruling that the CJEU had "seized the chance to give an 'iconic' judgment on the protection of human rights in the EU" amid these concerns. "The Court’s judgment can be seen in the broader context of continued revelations about mass surveillance," he wrote. "Its reference to the retention of data by third states is a thinly disguised allusion to the spying scandals emanating from the United States." Bridget Treacy, head of the UK Privacy and Cybersecurity practice at law firm Hunton & Williams, agreed. “These criticisms [by the CJEU] are consistent with European concerns voiced in the wake of last summer’s revelations of the NSA’s covert surveillance activities," she wrote. Source
  3. Popular Whatsapp-like messaging service Viber is exposing users to man-in-the-middle and other attacks because it isn’t encrypting various data at rest and in transit, security researchers have warned. The mobile app allows users to send each other messages, videos, images and “doodles”, share GPS location details and make voice calls. However, researchers at the University of New Haven Cyber Forensics Research and Education Group (UNHcFREG) found a “serious security flaw” in the way Viber receives videos, images and doodle files; the way it sends and receives location data; and the way it stores data on its Amazon servers. The team’s experimental network created a rogue access point utilising a Windows 7 PC’s Virtual Wi-Fi Miniport Adapter and a first smartphone connected to the same network. It then connected a second smartphone outside the network via GSM and used it to exchange data with the first smartphone over Viber. It said that with tools such as NetworkMiner, Wireshark, and NetWitness it was able to capture traffic sent over the test network. Specifically, the team claimed that images, doodles and videos received are unencrypted; location data sent and received is unencrypted; and data is stored on the Viber Amazon servers in unencrypted format. Further, it said user data stored on Viber's Amazon servers is not deleted immediately and that it can be easily accessed without any authentication mechanism – “simply visiting the intercepted link on a web browser gives us complete access to the data”. The researchers added the following: "Anyone, including the service providers will be able to collect this information – and anyone that sets up a rogue AP, or any man-in-the-middle attacks such as ARP poisoning will be able to capture this unencrypted traffic and view the images and videos received as well as the locations being sent or received by a phone." UNHcFREG said it had already informed Viber of the security flaws but received no word back at the time of publishing. A video of the test (h/t The Hacker News) can be found here.
It recommended Viber ensure all data in transit is sent over an encrypted tunnel, that data is encrypted properly when saved and that access to it must require authentication. The Israeli-backed messaging service, based in Cyprus, was recently acquired for $900 million by Japanese e-commerce giant Rakuten in a bid to take the firm “to a different level”. For the record, the same team of New Haven uni testers last week published research claiming a bug in Whatsapp's "location sending" feature. Source
  4. A team of Dutch scientists has reportedly managed to 'teleport' information between two computers. The news came through a publication in a popular science journal, where they claimed to exchange data between two computers despite a lack of any connection. The technology used during this breakthrough has led Professor Ronald Hanson to claim that it would be possible to teleport ourselves with distance in the future. What we are teleporting is the state of a particle. If you believe we are nothing more than a collection of atoms strung together in a particular way, then in principle it should be possible to teleport ourselves from one place to another. As for the present, Professor Hanson and his team has provided a key step towards building quantum networks, and ultimately the quantum internet. The teleportation medium known as 'quantum entanglement' is completely hackproof, it's impossible to intercept the information relayed. The group of scientists achieved the data teleportation over a distance of three meters, they look to testing a distance of 1,300 meters this summer. [Image caption: Optical elements to guide single photons to each diamond] The information transferred during the experiment is stored on diamond quantum bits. These are significantly more complex than the standard 'bit' that we see in our devices today. The diamond bits can store multiple values at once, contrasting to our limited '0 and 1' signaling scheme. What you're doing is using entanglement as your communication channel. The information is teleported to the other side, and there's no way anyone can intercept that information. In addition to this breakthrough, the team has gone directly against Einstein's belief that 'quantum entanglement' does not exist. Previously cast as "spooky actions" from the man himself, the team need to further prove that the entanglement process works with distance. Creating a hackproof internet is both exciting and daunting in its own right.
If the breakthroughs continue coming our way, we could see data exchanges previously unheard of. The potential for an increase in crime rate is also huge. But don't go packing your bags for rural Alaska quite yet, it's still in early stages and there's no sign of any fully functioning network at this stage. Source
  5. Emergency powers to ensure police and security services can continue to access phone and internet records are being rushed through Parliament. Prime Minister David Cameron has secured the backing of all three main parties for the highly unusual move. He said urgent action was needed to protect the public from "criminals and terrorists" after the European Court of Justice struck down existing powers. But civil liberties campaigners have warned it will invade people's privacy. Mr Cameron defended the move in a joint news conference with Deputy Prime Minister Nick Clegg, saying it was about maintaining existing capabilities - not introducing new snooping laws.

     'Vital measures'

     "We face real and credible threats to our security from serious and organised crime, from the activity of paedophiles, from the collapse of Syria, the growth of Isis in Iraq and al Shabab in East Africa. "I am simply not prepared to be a prime minister who has to address the people after a terrorist incident and explain that I could have done more to prevent it." He added: "I want to be very clear that we are not introducing new powers or capabilities - that is not for this Parliament. "This is about restoring two vital measures ensuring that our law enforcement and intelligence agencies maintain the right tools to keep us all safe."

     Mr Cameron said there would also be new moves to "increase transparency and oversight", including:

       • The creation of a new Privacy and Civil Liberties Oversight Board to scrutinise the impact of the law on privacy and civil liberties
       • Annual government transparency reports on how these powers are used
       • The appointment of a senior former diplomat to lead discussions with the US government and internet firms to establish a new international agreement for sharing data between legal jurisdictions
       • A restriction on the number of public bodies, including Royal Mail, able to ask for communications data under the controversial Regulation of Investigatory Powers Act (RIPA)
       • Termination clause ensuring these powers expire at the end of 2016
       • A wider review of the powers needed by government during the next parliament

     Mr Cameron stressed that the data being retained does not include the content of messages and phone calls - just when and who the companies' customers called, texted and emailed. But the emergency Data Retention and Investigation Powers Bill would also "clarify" the law on bugging of suspects' phones by the police and security services, when the home secretary issues a warrant, after concerns service providers were turning down requests. "Some companies are already saying they can no longer work with us unless UK law is clarified immediately," said Mr Cameron. "Sometimes in the dangerous world in which we live we need our security services to listen to someone's phone and read their emails to identify and disrupt a terrorist plot."

     Analysis By Nick Robinson, BBC Political Editor

     Critics will no doubt argue that the time for a debate about what powers will replace this law is now. To pass any new law in just a week is rare. So too is it to have the backing of all three main parties even before it is published.

     The government says it was forced to act after the European Court struck down an EU directive in April requiring phone and internet companies to retain communications data for 12 months. And emergency legislation was needed, it argues, because service providers were being threatened with legal action by campaigners if they did not start destroying data that could prove vital to criminal investigations and court cases. But Mr Cameron repeated his vow to push ahead with plans for a giant database of all websites visited by UK citizens, dubbed a "snooper's charter" by critics, if he wins the next election.

     'Stitch-up'

     Mr Clegg blocked attempts by this government to pass what he called the "snooper's charter" - but he said he had been convinced of the need for the more limited powers contained in the emergency Data Retention and Investigation Powers Bill. The legislation contains what Mr Clegg described as a "poisoned pill" which will mean the powers cease at the end of 2016, in an effort to ensure the next parliament takes a more considered look at the issue. The Lib Dem leader said successive governments had "neglected civil liberties as they claim to pursue greater security", but added: "I wouldn't be standing here today if I didn't believe there is an urgent challenge facing us. "No government embarks on emergency legislation lightly but I have been persuaded of the need to act and act fast." The bill will be pushed through Parliament in seven days - a process that normally takes several months. MPs will be given a chance to debate it in an extended Commons sitting on Tuesday, but Labour's Tom Watson said they would not get time to properly consider the plans and he branded it a "stitch-up". The Open Rights Group, which has been pushing service providers to start destroying data following the European Court ruling, criticised the government for using the threat of terrorism to push through an "emergency law" that it says has no legal basis.
Executive Director Jim Killock said: "Not only will the proposed legislation infringe our right to privacy, it will also set a dangerous precedent where the government simply re-legislates every time it disagrees with a decision by the CJEU. The ruling still stands and these new plans may actually increase the amount of our personal data that is retained by ISPs, further infringing on our right to privacy. "Blanket surveillance needs to end. That is what the court has said." Source
  6. A new survey from the National Cybersecurity Association (NCSA) shows adult workers vastly overestimate the security of the internet devices in their homes. [Image caption: The Nest Learning Thermostat is displayed at a Home Depot store.] As COVID-19 forced companies to embrace remote working, home networks transformed into office networks. That’s proving a problem for CISOs. “You can’t just assume that people know how to stay secure in this moment,” NCSA chief operating officer Sylvia Layton told SC Media. The survey polled 1,000 adults – 500 aged 18-34 and 500 aged 50-75 – and found that the overwhelming majority of both believed the internet of things devices they owned were secure. Since the boom of teleworking earlier this year, experts have warned that home networks create business risk. While the survey was for all adults, not just teleworkers, it provides some concrete data on just how much risk is hiding at home. IoT devices, particularly those that are cheap, outdated and hard to upgrade, are widely considered to be an easy target for hackers. Yet 87 percent of the younger group and 77 percent of the older group said they were either “somewhat” or “very confident” in the security of their connected things. “It’s surprising, but the older generation was more risk-averse,” said Layton. Another finding from the same survey: 17 percent of the younger group and 37 percent of the older group said they did not regularly check or install updates (either claiming never, every 2-3 months, or “maybe if an auto-update happens.”) In many companies, especially in smaller companies, employees are using home computers rather than office issued computers – leaving updates completely in their own hands. Layton suggests CISOs better train employees for the rigors of working from home.
Dmitriy Ayrapetov, vice president of platform architecture at the distributed office security vendor SonicWall, said CISOs might want to suggest employees segment home networks to isolate office computing. Segmenting networks would be key to blocking hackers from leveraging an IoT foothold in a home network to disrupt office networks. But that can be either too complex or too much of a hassle for many employees. An alternative, said Ayrapetov, would be offering employees access points. “A year ago, of course, you had some people working from home, but it was a self-selecting group who knew what they were doing, had office laptops and weren’t sharing a laptop with their kids' e-learning,” said Ayrapetov. “A lot of small and medium-sized businesses got yanked five years into the future by quarantine.” Source
  7. Details about how hackers obtained the files remain unclear. Ransomware gang also threatened to leak the source code of Watch Dogs: Legion, an upcoming Ubisoft game. A ransomware gang going by the name of Egregor has leaked data it claims to have obtained from the internal networks of two of today's largest gaming companies — Ubisoft and Crytek. Data allegedly taken from each company has been published on the ransomware gang's dark web portal on Tuesday. Details about how the Egregor gang obtained the data remain unclear. Ransomware gangs like Egregor regularly breach companies, steal their data, encrypt files, and ask for a ransom to decrypt the locked data. However, in many incidents, ransomware gangs also get caught and kicked out of networks during the data exfiltration process, and files are never encrypted. Nevertheless, they still extort companies, asking victims for money to not leak sensitive files. Usually, when negotiations break down, ransomware gangs post a partial leak of the stolen files on so-called leak sites. On Tuesday, leaks for both Crytek and Ubisoft were posted on the Egregor portal at the same time, with threats from the ransomware crew to leak more files in the coming days. For the Ubisoft leak, the Egregor group shared files to suggest they were in possession of source code from one of the company's Watch Dogs games. On its web portal, the group touted they were in possession of the source code for the Watch Dogs: Legion game, scheduled to be released later this month. It was, however, impossible to verify that these files came from the new game, rather than an existing release. For the past year, security researchers have tried to reach out and notify Ubisoft about several of its employees getting phished, with no results, which may provide a clue of how the hackers might have got it. But while hackers leaked only 20 MB from Ubisoft, they leaked 300 MB from Crytek, and this data contained a lot more information.
The Crytek files included documents that appeared to have been stolen from the company's game development division. These documents contained resources and information about the development process of games like Arena of Fate and Warface, but also Crytek's old Gface social gaming network. Neither Ubisoft nor Crytek responded to emails seeking comment on the leaks. Neither company reported major security incidents in recent weeks, nor any abnormal and prolonged downtimes, suggesting the Egregor intrusion didn't likely impact cloud and gaming systems, but merely backend office and work networks, where most ransomware incidents usually incur damages. However, in an email interview with ZDNet, the Egregor gang provided more details about the two incidents. The ransomware operators said they breached the Ubisoft network, but only stole data, and did not encrypt any of the company's files. On the other hand, "Crytek has been encrypted fully," the Egregor crew told ZDNet. The Egregor group said that neither company engaged in discussions, despite their intrusions, and no ransom has been officially requested yet. "In case Ubisoft will not contact us we will begin posting the source code of upcoming Watch Dogs and their engine," the group threatened, promising to publish more data in a press release tomorrow. Source
  8. Court records in an arson case show that Google gave away data on people who searched for a specific address. There are few things as revealing as a person's search history, and police typically need a warrant on a known suspect to demand that sensitive information. But a recently unsealed court document found that investigators can request such data in reverse order by asking Google to disclose everyone who searched a keyword rather than for information on a known suspect. In August, police arrested Michael Williams, an associate of singer and accused sex offender R. Kelly, for allegedly setting fire to a witness' car in Florida. Investigators linked Williams to the arson, as well as witness tampering, after sending a search warrant to Google that requested information on "users who had searched the address of the residence close in time to the arson." The July court filing was unsealed on Tuesday. Detroit News reporter Robert Snell tweeted about the filing after it was unsealed. Court documents showed that Google provided the IP addresses of people who searched for the arson victim's address, which investigators tied to a phone number belonging to Williams. Police then used the phone number records to pinpoint the location of Williams' device near the arson, according to court documents. The original warrant sent to Google is still sealed, but the report provides another example of a growing trend of data requests to the search engine giant in which investigators demand data on a large group of users rather than a specific request on a single suspect. "This 'keyword warrant' evades the Fourth Amendment checks on police surveillance," said Albert Fox Cahn, the executive director of the Surveillance Technology Oversight Project. "When a court authorizes a data dump of every person who searched for a specific term or address, it's likely unconstitutional." 
The keyword warrants are similar to geofence warrants, in which police make requests to Google for data on all devices logged in at a specific area and time. Google received 15 times more geofence warrant requests in 2018 compared with 2017, and five times more in 2019 than 2018. The rise in reverse requests from police has troubled Google staffers, according to internal emails. Google declined to disclose how many keyword warrants it's received in the last three years. Reverse search warrants like geofence warrants are being challenged across the US for violating civil rights. Lawmakers in New York have proposed legislation to make these searches illegal, while in Illinois, a federal judge found that the practice violated the Fourth Amendment. Keyword warrants aren't new. In 2017, Minnesota police sent a keyword warrant to Google for information including name, address, telephone number, Social Security numbers and IP addresses related to people who searched for a "Douglas [REDACTED]" in a fraud investigation. Todd Spodek, the attorney representing Williams, said he plans to challenge the legality of the keyword warrant issued in June. He hasn't seen the document yet but said he intends to argue that it violated Williams' rights. Spodek said he's seen more of these types of warrants being issued in criminal investigations and worries it could lead to wrongful accusations in the future. "Think of the ramifications in the future if everyone who searched something in the privacy of their own home was subject to interviews by federal agents," Spodek said. "Someone could be interested in how people die a certain way or how drug deals are done, and it could be misconstrued or used improperly." Source
  9. Another day, another Spotify acquisition. This time, it’s podcast advertising platform Megaphone, which the music streaming giant announced it was buying earlier today, in an attempt to beef up its advertising chops as it expands its roster of podcast programming. The acquisition accomplishes a few things for both the buyer and buy-ee. On Spotify’s end, the acquisition allows the major brands currently working with Megaphone to funnel some of their major brand bucks through Spotify’s systems, which will help Spotify pinch off a bigger chunk of the roughly $1 billion dollars worth of podcast advertising expected to be spent by the year’s end. Thanks to the acquisition, Spotify’s podcasters will also get the ability to “opt in” to having their shows monetized. Aside from opening those floodgates, podcasters currently monetizing through Megaphone will get access to Spotify’s proprietary ad-serving system, called Streaming Ad Insertion, to target listeners with ads served in real-time, based on everything from the artists that they stan to their zip code or gender. This ad-insertion tech also tracks how many people hear these ads, and how often a single person tends to hear them. As is the case with most things adtech, it can be a bit tricky to wrap your head around why a podcast-based-ad-platform like Megaphone would be worth much of anything, let alone the reported $235 million dollars that Spotify paid in the deal. In short, the answer is data. Back in 2017, Megaphone—then called Panoply—partnered with the data brokering giant Nielsen to become one of the first companies that gave podcast advertisers the same, well, kinda creepy targeting abilities companies had everywhere else on the web. 
If an advertiser wanted to know what podcasts a middle-aged divorcée in Utah was listening to while she drove out to buy groceries, chances are, Megaphone would be able to suss it out with the tens of thousands of bits of data it collected across the over 900 shows that were plugged into its platform, as of the middle of last year. Spotify largely allowed its users to be tracked and targeted based on the genre of podcasts they listened to until now—but even that was pretty basic, at least according to Spotify’s own description. On its own, Spotify might be able to tell advertisers that I was the type of person who binged comedy- and history-related podcasts on the regular, but any other demographics were typically inferred. Acquiring Megaphone is Spotify’s way of collecting more precise data on its rapidly growing listener base, so that base can be better targeted by data-hungry troves of high-paying advertisers. Podcast ads were a big motivator behind some of Spotify’s other recent acquisitions. Last year, when the company bought out the podcasting companies Gimlet Media and Anchor in a single-day, $343 million dollar splurge, analysts pointed out at the time that because there’s a top-shelf podcast for just about any imaginable niche out there—from true crime to comedy to breakfast enthusiasts—buying out these companies gave Spotify’s advertisers a fast pass to reach those audiences and more. The same could be said of The Ringer, another big-budget acquisition on Spotify’s part, which reportedly cost the company upwards of $196 million. While this changes little for users in terms of the content they have available, the Megaphone acquisition clarifies how to think about Spotify overall: It’s quickly becoming an advertising behemoth—less the Netflix of audio and much more akin to Facebook or Google for your ears. Source
  10. Google will add a "Privacy practices" section on each Chrome extension's Web Store page listing what data they collect from users and what the developer plans to do with it. Google said today it plans to add a new section on the Chrome Web Store where extension developers will be able to disclose what user data they're collecting from users and what they plan to do with the information. The new section is set to go into effect on January 18, 2021, and will appear as a "Privacy practices" button on each extension's Web Store listing. To aid the process, Google has added a new section today in the Web Store dashboard where extension developers will be able to disclose what data they collect from their users and for what purposes. Google's new "data usage" dashboard will ship with a limited set of preset options, which will effectively prohibit Chrome developers from certain data practices, such as: The bulk sale of user data by ensuring the use or transfer of user data is for the primary benefit of the user and in accordance with the stated purpose of the extension. The use or transfer of user data for personalized advertising. The use or transfer of user data for creditworthiness or any form of lending qualification and to data brokers or other information resellers. Google's new "data disclosure" policy is not unique. At the WWDC 2020 developer conference in June this year, Apple announced that all App Store app listings will soon be required to include a "privacy prompt (label)" that will list all the data points apps collect from users and which data points are used to track users across apps. Apple's privacy labels are scheduled to go live on December 8, next month. Google said it plans to show notices to all developers in the Web Store developer dashboards and prompt extension makers to set up a "privacy practices" section. Source
  11. Marketing firm parts with massive trove of customer data The last time an Apollo effort went this badly, Tom Hanks made a movie about it. Marketing intelligence (read: data broker) startup Apollo fessed up to being the victim of a massive theft that saw it reveal something in the neighborhood of nine billion points of data and contact information of 212 million people. As per usual, the massive trove was discovered online in a misconfigured database that had mistakenly been set to be accessible by anyone. Those "data points" include things like addresses and contact information, as well as contacts and connections on services like LinkedIn. Not particularly sensitive information, but a fairly valuable cache of data for marketers or, in the worst case, potential attackers looking to build spear-phishing emails. Source
  12. Late last year, the U.S. government accidentally revealed that a sealed complaint had been filed against Julian Assange, the founder of WikiLeaks. Shortly before this was made public, the FBI reconfirmed its investigation of WikiLeaks was ongoing, and the Wall Street Journal reported that the Department of Justice was optimistic that it would be able to extradite Assange. Soon after, portions of sealed transcripts leaked that implicate WikiLeaks and Assange in directing hackers to target governments and corporations. The charges against Assange have not been officially revealed, though it’s plausible that the offenses are related to Russian hacking and the DNC emails. The alleged offenses in the complaint notwithstanding, the government has an abundance of data to work with: over a dozen WikiLeaks’ computers, hard drives, and email accounts, including those of the organization’s current and former editors-in-chief, along with messages exchanged with alleged Russian hackers about DNC emails. Through a series of search warrants, subpoenas, equipment seizures, and cooperating witnesses, the federal government has collected internal WikiLeaks data covering the majority of the organization’s period of operations, from 2009 at least through 2017. The filing that committed a copy and paste error revealing charges against Assange. In some instances, the seized data has been returned and allegedly destroyed, such as in the case of David House, a technologist and friend of Chelsea Manning when she famously became a source for WikiLeaks. In others, the seized materials include communications between WikiLeaks and their sources. Some of these discussions show WikiLeaks discussing their other sources and specific identifying details about them. A copy of a chat log between Chelsea Manning and a WikiLeaks staff member IDed as Assange by government prosecutors and witnesses. 
Other seizures gave authorities a deeper view of the internal workings of WikiLeaks, including one of the earliest known seizures of WikiLeaks-related data, executed on December 14, 2010, when the messages and user information of several WikiLeaks-linked Twitter accounts were ordered. This search-and-seizure order included direct messages associated with WikiLeaks and its founder, former Army private first class and WikiLeaks source Chelsea Manning, WikiLeaks editor Rop Gonggrijp, former WikiLeaks associate Jacob Appelbaum, and former WikiLeaks associate and Icelandic MP Birgitta Jonsdottir, between November 1, 2009, and the order’s execution. A court order for information relating to people associated with WikiLeaks. On January 4, 2011, a sealed order filed in the Eastern District of Virginia requested all emails, address book, subscriber information, and other account information associated with Appelbaum’s email address [email protected], and another order would target his internet traffic. Appelbaum was a friend and confidant of Assange as well as a WikiLeaks volunteer. In 2010, Appelbaum was known as “the American WikiLeaks hacker,” and he was, at that time, referred to as WikiLeaks’ only known American member. In a private chat in 2015, WikiLeaks described Appelbaum as being “sort of” part of the group, though following multiple accusations of sexual abuse, the group publicly distanced itself from him. The emails obtained by the government extended from November 2010 at least through January 2011. The timing of the government’s acknowledgment of the order, along with other similar orders, suggests that the monitoring of the account may have continued through late 2014, when it and several orders were made public. A copy of a court order for information relating to Jacob Appelbaum, a hacker who worked with WikiLeaks (now credibly accused of multiple sexual assaults).
Publicly released and leaked documents from Assange and his legal team allege that several laptops and hard drives belonging to the organization were intercepted by an intelligence agency during this time period. According to an affidavit from Assange, “three laptops ... assorted electronics [and] additional encrypted hard drives” were taken along with his suitcase in late September 2010. Assange’s legal team produced several additional affidavits and supporting documents detailing the existence and disappearance of the suitcase. The suitcase contained at least five hard drives, all of which were encrypted, according to Assange. However, the government has had eight years to guess or recover the passwords or break the encryption on the hard drives. Several other drives, numerous emails, and at least one cooperating witness may have aided in the process. Affidavit from Julian Assange. In mid-2011, the FBI had developed a major source who would become at least their second informant with an eye into WikiLeaks’ operations. Soon after the arrest and cooperation of Hector Xavier Monsegur, a.k.a. Sabu, his hacking group (LulzSec) made contact with WikiLeaks. Sabu and LulzSec would become some of WikiLeaks’ most significant sources. The Syria files and Global Intelligence files LulzSec provided WikiLeaks increased their number of publications tenfold and still account for roughly half of their total number of publications. Communications between Sabu and WikiLeaks were monitored by the FBI. And some of the group’s communications with others were later seized in their arrest or turned over by Sigurdur Thordarson, a WikiLeaks volunteer who became an informant for the FBI that August. A section from the sentencing document for “Sabu.” It was later ID’d by WikiLeaks as about them. In addition to briefing the FBI in a series of meetings, Thordarson reportedly provided them with thousands of pages of WikiLeaks chat logs.
Further, in March 2012, Thordarson allegedly provided the FBI with eight WikiLeaks hard drives containing up to 1020GB of data, according to a purported FBI document. Officials have not confirmed the authenticity of the document, though the amount of data provided is corroborated by additional sources. In an interview with Ars Technica, Thordarson claimed that Icelandic authorities had seized an additional 2 TB of WikiLeaks-related data from him, which he assumed was then shared with the U.S. American and Icelandic authorities had previously cooperated on Thordarson’s case and portions of the WikiLeaks investigation. According to leaked letters from WikiLeaks’ legal team, at least some of the hard drives had belonged to Assange. Thordarson’s debriefings and the hard drives of up to 3 TB of data may have contained the decryption keys or passwords needed to decrypt the hard drives Assange alleged had been seized earlier. A receipt given to Sigurdur Thordarson from the FBI for WikiLeaks hard drives. There are several hints as to the contents of these drives. According to the affidavit from Assange, the information on the hard drives included, in addition to the possible staff emails, “chat communications ... copies of passports [and] video footage taken in secret.” Following an Associated Press article based off of a cache of “WikiLeaks emails, chat logs, financial records, secretly recorded footage and other documents” from within the organization, WikiLeaks alleged that the cache was the same that had been provided to the FBI. In October 2011, amidst Thordarson and Sabu’s tenure as cooperating witnesses, American authorities issued a search warrant for the contents of WikiLeaks volunteer Herbert Snorrason’s Gmail account. The warrant requested all of the account’s information, “including stored or preserved copies of e-mails sent to and from the account, draft e-mails, deleted e-mails, emails preserved pursuant to a request made under 18 U.S.C. 
§ 2703(f), the source and destination addresses associated with each e-mail, the date and time at which each e-mail was sent, and the size and length of each e-mail.” The volunteer had helped WikiLeaks with a minor technical issue. After learning that his account’s contents had been seized by the U.S. government, Snorrason told Mother Jones that he thought “pretty much everyone with both a Google account and a WikiLeaks connection will be getting one of those notices eventually.” Snorrason was correct in that other WikiLeaks-associated Google accounts had their information seized by the government. Six months after the order for Snorrason’s emails was issued, a trio of search orders were issued for the email accounts of senior WikiLeaks personnel. On April 5, 2012, sealed warrants were executed for the Google accounts of WikiLeaks editors Sarah Harrison and Joseph Farrell, as well as then-spokesman and future editor-in-chief Kristinn Hrafnsson on suspicion of espionage and violating the Computer Fraud and Abuse Act, as well as conspiracy and theft of government property. The warrants appear to have covered the entirety of the accounts and were disclosed by Google at the close of 2014. A court order for information relating to Kristinn Hrafnsson, current editor in chief of WikiLeaks, on suspicion of charges including but not limited to espionage. In late October 2017, a new government request was issued for portions of WikiLeaks’ communications. A letter from Sen. Dianne Feinstein requested that Twitter provide copies of all direct messages that were over 180 days to or from the accounts belonging to WikiLeaks, the WikiLeaks Task Force, “Guccifer 2.0,” Assange, and Margaret Ratner Kunstler. As written, the request would include some of my communications with WikiLeaks and “Guccifer 2.0.” Ultimately, at least some messages between WikiLeaks and the “Guccifer 2.0” were obtained by the U.S.
government, although the method of communication for those messages remains unconfirmed. According to what’s informally known as “the GRU indictment,” WikiLeaks sent Guccifer 2.0 a message on June 22, 2016. The message instructed Guccifer 2.0, a persona the U.S. government believes was used by Russian operatives, to send new material to them so it would “have a much higher impact.” On approximately July 6, the organization sent another message encouraging Guccifer 2.0 to send “anything [H]illary related” in time for the Democratic National Convention, which WikiLeaks thought Clinton would use to solidify support. The quoted portion of the exchange ends with WikiLeaks saying they thought conflict between Sen. Bernie Sanders and Clinton would be “interesting.” These exchanges, about maximizing impact and damage, are relevant to one of the theories of Assange’s potential prosecution outlined by noted national security journalist Marcy Wheeler. An excerpt from a Mueller indictment. If the charges against Assange are related to Russian hacking and the Democratic National Committee email leak, this exchange could be one of the most likely pieces of evidence to be directly relevant to the initial charges against him.
However, the entirety of the government’s evidence, including materials seized from alleged Vault 7 leaker Joshua Schulte and the alleged recordings of him transferring additional files to WikiLeaks regarding the organization, may be used to help make the case. Past statements and communications may be used to help establish a modus operandi, a pattern or an intent. As noted by the AP, some of the materials may point to the early beginnings of Assange’s reported relationship with Russia. Leaked copies of sealed files, statements by people familiar with the grand juries, and documents released through FOIA by independent journalist Alexa O’Brien—who also identified a number of sealed search orders—all indicate that the investigations converged and pooled evidence at times. The government’s information could be further augmented by recent surveillance of Assange in the Ecuadorian Embassy, where he has lived under asylum since 2012, the fruits of which may have reportedly been shared with the United States. Regardless of what the charges against Assange are, the government has terabytes of data with which to try to make its case, data that’s come from WikiLeaks supporters, sources, key personnel, and Assange himself. The full depth of the government’s sources, however, has yet to be revealed. Emma Best is a national security reporter and transparency activist. She has published millions of pages of government documents and is a member of the leak collective Distributed Denial of Secrets (DDoSecrets). Source
  13. The vast majority of televisions available today are "smart" TVs, with internet connections, advertising placement, and streaming services built in. Despite the added functionality, TV prices are lower than ever — especially from companies like TCL and Vizio, which specialize in low-cost, high-tech smart TVs. There's a simple reason that smart TVs are priced so low: Some TV makers collect user data and sell it to third parties. Did you get a 4K, HDR-capable TV this past holiday, perhaps on sale? Millions of Americans did. Massive TVs with razor-thin frames, brilliant image quality, and built-in streaming services are more affordable than ever thanks to companies like Vizio and TCL. If you want a 65-inch 4K smart TV with HDR capability, one can be purchased for below $500 — a price that may seem surprisingly low for such a massive piece of technology, nonetheless one that's likely to live in your home for years before you upgrade. But that low price comes with a caveat most people probably don't realize: Some manufacturers collect data about users and sell that data to third parties. The data can include the types of shows you watch, which ads you watch, and your approximate location. The Roku TV interface on TCL's smart TVs comes with a prominent ad placement on the home screen. A recent interview on The Verge's podcast with Vizio's chief technology officer, Bill Baxter, did a great job illuminating how this works. "This is a cutthroat industry," Baxter said. "It's a 6% margin industry. The greater strategy is I really don't need to make money off of the TV. I need to cover my cost." More specifically, companies like Vizio don't need to make money from every TV they sell. Smart TVs can be sold at or near cost to consumers because Vizio is able to monetize those TVs through data collection, advertising, and selling direct-to-consumer entertainment (movies, etc.). Or, as Baxter put it: "It's not just about data collection. 
It's about post-purchase monetization of the TV." And there are a few ways to monetize those TVs after the initial purchase. On TCL's Roku TVs, users can opt out of the full scope of ad tracking. How much you're able to block yourself from data tracking varies by TV manufacturer. "You sell some movies, you sell some TV shows, you sell some ads, you know," he said. "It's not really that different than the Verge website." It's those additional forms of revenue that help make the large, beautiful smart TVs from companies like Vizio and TCL so affordable. Without that revenue stream, Baxter said, consumers would be paying more up front. "We'd collect a little bit more margin at retail to offset it," he said. The exchange is fascinating and worth listening to in full — check it out right here. Source
  14. Government says hackers breached 30 computers and stole data from 10. Hackers have breached the computer systems of a South Korean government agency that oversees weapons and munitions acquisitions for the country's military forces. The hack took place in October 2018. Local press reported this week[1, 2, 3] that hackers breached 30 computers and stole internal documents from at least ten. The breached organization is South Korea's Defense Acquisition Program Administration (DAPA), an agency part of the Ministry of National Defense. It is believed that the stolen documents contain information about arms procurement for the country's next-generation fighter aircraft, according to a news outlet reporting on the cyber-attack. Reports claim that hackers gained access to the server of a security program installed on all government computers. Named "Data Storage Prevention Solution," the app is installed on South Korean government computers to prevent sensitive documents from being downloaded and saved on internet-connected PCs. According to reports, hackers gained admin access to the software's server and used it to siphon documents from connected workstations. The country's intelligence agency (NIS, National Intelligence Service) investigated the breach in November and reported its findings to government officials, who disclosed the cyber-attack to the public this week. Government officials didn't pin the blame on North Korean hackers, as they usually do, although it wouldn't surprise anyone if they did, as North Korea has often launched cyber-espionage and intelligence collection operations against its southern neighbor. For example, in October 2017, South Korea accused North Korea of hacking and stealing the South's secret joint US war plans, which included detailed plans to attack the North in case diplomatic relations deteriorated to a point where military action was needed. Source
  15. New court documents reveal the government is investigating the Capital One hacker for 30+ other breaches. Paige A. Thompson, the hacker accused of breaching US bank Capital One, is also believed to have stolen data from more than 30 other companies, US prosecutors said in new court documents filed today and obtained by ZDNet. "The government's investigation over the last two weeks has revealed that Thompson's theft of Capital One's data was only one part of her criminal conduct," US officials said in a memorandum for extending Thompson's detention period. "The servers seized from Thompson's bedroom during the search of Thompson's residence, include not only data stolen from Capital One, but also multiple terabytes of data stolen by Thompson from more than 30 other companies, educational institutions, and other entities." US prosecutors said the "data varies significantly in both type and amount," but, based on currently available information, "much of the data appears not to be data containing personal identifying information." Government hasn't identified/notified all victims US officials said the investigation is still ongoing and the FBI is still trying to identify all the companies from where Thompson stole data they found on her home server. "The government expects to add an additional charge against Thompson based upon each such theft of data, as the victims are identified and notified," prosecutors said. The court documents don't list the names of any of the other 30+ companies that Thompson is believed to have hacked. However, according to previous media reports, this list might include companies such as Unicredit, Vodafone, Ford, Michigan State University, and the Ohio Department of Transportation. Thompson, a former Amazon engineer, is believed to have breached AWS servers belonging to Capital One and the additional 30+ companies, from where she took proprietary information that she later stored on her home server.
From Capital One alone, Thompson is believed to have taken the personal data of over 106 million Americans and Canadians. After her arrest, Thompson told investigators that she did not sell or share any of the stolen data. In the new court documents, US officials said they haven't found any evidence to suggest that Thompson lied, which might reduce the extent of the 30+ breaches that she is accused of. As for the Capital One accusations, the US government believes it has a rock-solid case. "The evidence that Thompson committed this crime is overwhelming," officials said. The court documents filed today, which argue for continuing to detain Thompson, also detail three stalking allegations, threats to "shoot up" a company's office, and threats to commit "suicide by cop" by pulling a fake gun on an officer and forcing the officer to shoot back. The US government also noted that Thompson's past behavior appears to be related to "a significant history of mental health problems." Source
  16. Quito big deal A street in Ecuador. That car is probably in the database... IF YOU'RE EVER asked the population of Ecuador in a pub quiz, the answer is somewhere in the region of 17 million people. That number is quite awkward, as an enormous leak exposed by ZDNet and vpnMentor has uncovered a database with information on 20.8 million Ecuadorian citizens. The reason for this discrepancy is twofold: duplicates and the deceased. Otherwise, if you live in Ecuador, then the chances are that you're on this list. The site was able to find records for Ecuadorian premier Lenin Moreno and even Julian Assange, who until recently called the country's UK embassy his home away from home. More worryingly, it also contains the information of some 6.7 million children - some born as recently as spring. The data, spread across multiple Elasticsearch indexes, contain information such as names, addresses, marital status, cedulas (national ID number), job information, phone numbers, education levels, family relationships, civil registration data, financial and work information and car ownership. How much data is on each person varies depending on the data set: ZDNet found seven million financial records and 2.5 million car-centric ones. But this data is particularly worrying, given that it can be tied to a citizen's address giving burglars a map to the richest people and their cars. How did all of this leak? It appears the data came from both government and private sources. The link seems to be an analytics firm called Novaestrat. On its website it claims that users can "make financial decisions with updated information of the entire Ecuadorian financial system." The database was secured last week, but it wasn't as straightforward as you'd hope. Novaestrat has no email address or phone number listed, and the support forum was broken. In the end, vpnMentor only had success via Ecuador's Computer Emergency Response Team.
Of course, just fixing the leak doesn't mean the data isn't already in the wrong hands. Ecuadorian citizens may want to look out for suspicious emails, or even more suspicious people at their doors for the foreseeable future. Source
  17. Car smash-and-grab ends with loss of payroll details for 20,000 employees Facebook has lost a copy of the personal details of 29,000 of its employees after hard drives containing unencrypted payroll information were stolen from an employee's car. The antisocial network said it is in the process of informing those who were exposed, though so far there is no indication of the purloined details being used for fraud, it is claimed. "We worked with law enforcement as they investigated a recent car break-in and theft of an employee’s bag containing company equipment with employee payroll information stored on it," a Facebook spokesperson told The Register. "We have seen no evidence of abuse and believe this was a smash and grab crime rather than an attempt to steal employee information. "Out of an abundance of caution, we have notified the current and former employees whose information we believe was stored on the equipment – people who were on our US payroll in 2018 – and are offering them free identity theft and credit monitoring services. This theft impacts current and former Facebook employees only and no Facebook user data was involved." A report from Bloomberg today cites an internal email explaining that last month an employee in the payroll department had their car broken into and, among the items stolen, were unencrypted hard drives containing corporate records. The report also notes that the worker was not authorized to have the drive in their car, and has been disciplined. The lifted records were said to include employee names, bank account numbers, and partial social security numbers. So far, Facebook has yet to file a data breach notification with the state of California, as is required by law. This is certainly a unique situation for Facebook, as the data-slurping biz usually finds itself on the other side of egregious violations of personal privacy. 
Facebook has made something of a custom out of letting outside developers play fast and loose with user profile information. Source
  18. India has proposed groundbreaking new rules that would require companies to garner consent from citizens in the country before collecting and processing their personal data. But at the same time, the new rules also state that companies would have to hand over “non-personal” data of their users to the government, and New Delhi would also hold the power to collect any data of its citizens without consent, thereby bypassing the laws applicable to everyone else, to serve sovereignty and larger public interest. The new rules, proposed in “Personal Data Protection Bill 2019,” a copy of which leaked on Tuesday, would permit New Delhi to “exempt any agency of government from application of Act in the interest of sovereignty and integrity of India, the security of the state, friendly relations with foreign states, public order.” If the bill passes — and it is expected to be discussed in the parliament in the coming weeks — select controversial laws drafted more than a decade ago would remain unchanged. Another proposed rule would grant New Delhi the power to ask any “data fiduciary or data processor” to hand over “anonymized” “non-personal data” for the purpose of better governance, among others. New Delhi’s new bill — which was passed by the Union Cabinet last week, but has yet to be formally shared with the public — could create new challenges for Google, Facebook, Twitter, ByteDance’s TikTok and other companies that are already facing some regulatory heat in the nation. India conceptualized this bill two years ago and in the years since, it has undergone significant changes. An earlier draft of the bill that was formally made public last year had stated that the Indian government must not have the ability to collect or process personal data of its citizens, unless a lawful procedure was followed. Ambiguity over who the Indian government considers an “intermediary” or a “social media” platform, or a “social media intermediary” are yet to be fully resolved, however. 
In the latest version, the bill appears to not include payment services, internet service providers, search engines, online encyclopedias, email services and online storage services as “social media intermediaries.” One of the proposed rules, that is directly aimed at Facebook, Twitter, and any other social media company that enables “interaction between two or more users,” requires them to give their users an option to verify their identity and then publicly have such status displayed on their profile — similar to the blue tick that Facebook and Twitter reserve for celebrities and other accounts of public interest. Last week news outlet Reuters reported portions of the bill, citing unnamed sources. The report claimed that India was proposing the voluntary identity-verification requirement to curb the spread of false information. As social media companies grapple with the spread of false information, which has resulted in at least 30 deaths in India, the Narendra Modi-led government, which itself is a big consumer of social media platforms, has sought to take measures to address several issues. Over the last two years, the Indian government has asked WhatsApp, which has amassed more than 400 million users in India, to “bring traceability” to its platform in a move that would allow the authority to identify the people who are spreading the information. WhatsApp has insisted that any such move would require breaking encryption, which would compromise the privacy and security of more than a billion people globally. The bill has not specifically cited government’s desires to contain false information for this proposal, however. Instead the bill insists that this would bring more “transparency and accountability.” Some critics have expressed concerns over the proposed rules. Udbhav Tiwari, a public policy advisor at Mozilla, said New Delhi’s bill would “represent new, significant threats to Indians’ privacy.
If Indians are to be truly protected, it is urgent that parliament reviews and addresses these dangerous provisions before they become law.” Indian news site MediaNama has outlined several more changes in this Twitter thread. Source
  19. Cyber-security company Trend Micro says the personal data of thousands of its customers has been exposed by a rogue member of staff. The company says an employee sold information from its customer-support database, including names and phone numbers, to a third party. It became suspicious after customers started receiving phone calls from scammers posing as Trend Micro staff. The company says it has contacted those whose details were exposed. Trend Micro said it believed approximately 70,000 of its 12 million customers had been affected. "It's every security firm's nightmare for something like this to occur," cyber-expert and writer Graham Cluley told BBC News. "You can have all the security in place to prevent external hackers getting in but that doesn't stop internal staff from taking data and using it for nefarious purposes," he said. "If a cyber-security firm like Trend Micro can fall victim to a security breach, it can happen to any company." Trend Micro provides cyber-security and anti-virus tools to consumers, businesses and organisations around the world. In August 2019, it received reports many users of its home security software had been receiving scam phone calls. The scammers knew so much information about their targets that Trend Micro suspected its customer support database had been breached. It later found out its systems had not been attacked over the internet and it was instead facing a "malicious insider threat". "The suspect was a Trend Micro employee who improperly accessed the data with a clear criminal intent," the company said in a blog post. "Our investigation revealed that this employee sold the stolen information to a currently unknown third-party malicious actor." The company said it was working with police and the employee in question had been fired. It said its customer-support staff would never call people "unexpectedly". "If a support call is to be made, it will be scheduled in advance. 
If you receive an unexpected phone call claiming to be from Trend Micro, hang up and report the incident to Trend Micro support using our official contact details below," the company said. Liability A UK ruling that suggests companies can be held responsible if their own staff leak data is currently being challenged by supermarket chain Morrison's. In 2014, an internal auditor at the retailer stole the data, including salary and bank details, of nearly 100,000 staff and posted it online. Andrew Skelton was jailed for eight years in 2015 after being found guilty at Bradford Crown Court of fraud, securing unauthorised access to computer material and disclosing personal data. However, a group legal action also found the supermarket responsible for the actions of its staff. The retailer is currently challenging the ruling at the UK's Supreme Court. Source
  20. A year ago, we asked some of the most prominent smart home device makers if they have given customer data to governments. The results were mixed. The big three smart home device makers — Amazon, Facebook and Google (which includes Nest) — all disclosed in their transparency reports if and when governments demand customer data. Apple said it didn't need a report, as the data it collects was anonymized. As for the rest, none had published their government data-demand figures. In the year that's past, the smart home market has grown rapidly, but the remaining device makers have made little to no progress on disclosing their figures. And in some cases, it got worse. Smart home and other internet-connected devices may be convenient and accessible, but they collect vast amounts of information on you and your home. Smart locks know when someone enters your house, and smart doorbells can capture their face. Smart TVs know which programs you watch and some smart speakers know what you're interested in. Many smart devices collect data when they're not in use — and some collect data points you may not even think about, like your wireless network information, for example — and send them back to the manufacturers, ostensibly to make the gadgets — and your home — smarter. Because the data is stored in the cloud by the devices manufacturers, law enforcement and government agencies can demand those companies turn over that data to solve crimes. But as the amount of data collection increases, companies are not being transparent about the data demands they receive. 
All we have are anecdotal reports — and there are plenty: Police obtained Amazon Echo data to help solve a murder; Fitbit turned over data that was used to charge a man with murder; Samsung helped catch a sex predator who watched child abuse imagery; Nest gave up surveillance footage to help jail gang members; and recent reporting on Amazon-owned Ring shows close links between the smart home device maker and law enforcement. Here's what we found. Smart lock and doorbell maker August gave the exact same statement as last year, that it "does not currently have a transparency report and we have never received any National Security Letters or orders for user content or non-content information under the Foreign Intelligence Surveillance Act (FISA)." But August spokesperson Stephanie Ng would not comment on the number of non-national security requests — subpoenas, warrants and court orders — that the company has received, only that it complies with "all laws" when it receives a legal demand. Roomba maker iRobot said, as it did last year, that it has "not received" any government demands for data. "iRobot does not plan to issue a transparency report at this time," but it may consider publishing a report "should iRobot receive a government request for customer data." Arlo, a former Netgear smart home division that spun out in 2018, did not respond to a request for comment. Netgear, which still has some smart home technology, said it does "not publicly disclose a transparency report." Amazon-owned Ring, whose cooperation with law enforcement has drawn ire from lawmakers and faced questions over its ability to protect users' privacy, said last year it planned to release a transparency report in the future, but did not say when. This time around, Ring spokesperson Yassi Shahmiri would not comment and stopped responding to repeated follow-up emails. 
Honeywell spokesperson Megan McGovern would not comment and referred questions to Resideo, the smart home division Honeywell spun out a year ago. Resideo's Bruce Anderson did not comment. And just as last year, Samsung, a maker of smart devices and internet-connected televisions and other appliances, also did not respond to a request for comment. On the whole, the companies' responses were largely the same as last year. But smart switch and sensor maker Ecobee, which last year promised to publish a transparency report "at the end of 2018," did not follow through with its promise. When we asked why, Ecobee spokesperson Kristen Johnson did not respond to repeated requests for comment. Based on the best available data, August, iRobot, Ring and the rest of the smart home device makers have hundreds of millions of users and customers around the world, with the potential to give governments vast troves of data — and users and customers are none the wiser. Transparency reports may not be perfect, and some are less transparent than others. But if big companies — even after bruising headlines and claims of co-operation with surveillance states — disclose their figures, there's little excuse for the smaller companies. This time around, some companies fared better than their rivals. But for anyone mindful of their privacy, you can — and should — expect better. Source
  21. What is going on As you may have heard already, because of Brexit, Google is moving UK citizens' data from the Northern Ireland data controller to the US one (Google LLC). Leaving the EU, UK citizens are not protected anymore by GDPR, and while this may be unfair, Google is legally allowed to do it. The problem Even if I'm an Italian citizen and I live in Italy, a few days ago I received this email from them: What's wrong with it? The point is that I'm an Italian citizen, living in Italy. I have nothing to do with the UK (even if I lived there for a few years in the past, my account was created from Italy). Why do they mention "UK leaving EU" to me, if I don't live in the UK? I tried to contact them multiple times on their @Google account on Twitter, but I got no reply at all. I tried to search online and it looks like I'm not alone, they are doing this to many other people: https://support.google.com/accounts/thread/29317992?hl=en&authuser=1 Looking for help What should I do? Is this legally allowed? If there was an easy way to complain to them, I would have done it already, but I've tried to search on their website (even googling it... no pun intended) but I couldn't find a single contact form to report this issue and of course they are ignoring both Twitter and that forum I linked previously. Should I report them to the Privacy Authority? If yes, how? Full text of the email Here is the full text of the email I received: We’re improving our Terms of Service and making them easier for you to understand. The changes will take effect on 31 March 2020, and they won’t impact the way that you use Google services. And, because the United Kingdom (UK) is leaving the European Union (EU), Google LLC will now be the service provider and the data controller responsible for your information and for complying with applicable privacy laws for UK consumer users. For more details, we’ve provided a summary of the key changes and Frequently asked questions. 
And the next time that you visit Google, you’ll have the chance to review and accept the new Terms. At a glance, here’s what this update means for you: • Improved readability: While our Terms remain a legal document, we’ve done our best to make them easier to understand, including by adding links to useful information and providing definitions. • Better communication: We’ve clearly explained when we’ll make changes to our services (like adding or removing a feature) and when we’ll restrict or end a user’s access. And we’ll do more to notify you when a change negatively impacts your experience on our services. • Adding Google Chrome, Google Chrome OS and Google Drive to the Terms: Our improved Terms now cover Google Chrome, Google Chrome OS and Google Drive, which also have service-specific terms and policies to help you understand what’s unique to those services. • Your service provider and data controller is now Google LLC: Because the UK is leaving the EU, we’ve updated our Terms so that a United States-based company, Google LLC, is now your service provider instead of Google Ireland Limited. Google LLC will also become the data controller responsible for your information and complying with applicable privacy laws. We’re making similar changes to the Terms of Service for YouTube, YouTube Paid Services and Google Play. These changes to our Terms and privacy policy don’t affect your privacy settings or the way that we treat your information (see the privacy policy for details). As a reminder, you can always visit your Google Account to review your privacy settings and manage how your data is used. If you’re the guardian of a child under the age required to manage their own Google Account and you use Family Link to manage their use of Google services, please note that when you accept our new Terms, you do so on their behalf as well, and you may want to discuss these changes with them. 
And of course, if you don’t agree to our new Terms and what we can expect from each other as you use our services, you can find more information about your options in our Frequently asked questions. Thank you for using Google’s services. Your Google team Source
  22. IBM said its cloud and cognitive software revenue -- which includes Red Hat -- was up 8.7% to $7.2 billion. IBM published its fourth quarter financial results on Tuesday, with a full quarter of Red Hat now in the fold. The company is showing signs of a return to growth, although year-over-year revenues were up just slightly for the quarter and still down overall for 2019. For Q4, IBM reported a non-GAAP EPS of $4.71 on revenue of $21.8 billion, up 0.1% year-over-year. Analysts were expecting earnings of $4.68 per share on revenue of $21.64 billion. For the full FY 2019, non-GAAP earnings per share came to $12.81 on revenues of $77.1 billion, down 3.1% year-over-year. The fiscal results are in line with analyst estimates. Shares of IBM were up nearly 5% after hours. "We ended 2019 on a strong note, returning to overall revenue growth in the quarter, led by accelerated cloud performance," said IBM chief executive Ginni Rometty. "Looking ahead, this positions us for sustained revenue growth in 2020 as we continue to help our clients shift their mission-critical workloads to the hybrid cloud and scale their efforts to become a cognitive enterprise." Cloud and cognitive software revenue -- which includes Red Hat -- was up 8.7% to $7.2 billion. Red Hat specifically contributed $573 million to IBM's cloud and software sales. Meanwhile, systems revenue climbed 16% led by the IBM Z, IBM's smaller footprint mainframe that utilizes design thinking. Storage systems showed growth but technology services revenue in the quarter fell 4.8%. Global business services sales were down 0.6%. IBM said cloud revenue was $21.2 billion for fiscal 2019, up 11%. Going forward, a goal for IBM will be capitalizing on the expected growth in enterprise software investments. In its latest IT spending forecast, research firm Gartner suggests that software will be the main driver for spending over 2020, reaching 10.5 percent growth. 
As for the outlook, IBM said it is on track to deliver non-GAAP earnings of at least $13.35 a share with free cash flow of about $12.5 billion for fiscal 2020. "After completing the acquisition of Red Hat, and with strong free cash flow and disciplined financial management, we significantly deleveraged in the second half," said James Kavanaugh, IBM's chief financial officer. Source
  23. GOOGLE KEEPS A SCARY AMOUNT OF DATA ON YOU: HERE'S HOW TO FIND AND DELETE IT

Everything you do online when you're signed into Google, and even some stuff when you aren't, becomes a part of your Google profile, but you can wipe the slate clean with these steps.

Google collects a staggering amount of personal information about its users -- possibly even more than you realize. Google remembers every search you perform and every YouTube video you watch. Whether you have an iPhone or Android phone, Google Maps logs everywhere you go, the route you take to get there, when you arrive and what time you leave -- even if you never open the app. When you really take a look at everything Google knows about you, the results can be shocking -- maybe even a little frightening. Thankfully, there are a few things you can do about it.

As a spate of data leaks and privacy violations continues to weaken the public's trust in big tech companies, Google has responded by creating a privacy hub that lets you access, delete and limit the data Google collects on you. Navigating all the various settings can get confusing, however, and it's not always clear what you're giving Google permission to do. What's worse, whenever you make a change that would restrict how much or for how long Google tracks you, Google warns that its services won't work as well without unfettered access to your data. How true that may be isn't very clear.

Despite Google's best efforts to increase transparency, recent revelations that the search giant was secretly sharing users' private data with third-party advertisers have challenged the public's trust in the company, whose Google Home and Google Nest lines of smart speakers seek to put microphones and cameras in the most private of settings -- your home.

We're going to cut through all the clutter and show you how to access the private data Google has on you, as well as how to delete some or all of it. Then we're going to help you find the right balance between your privacy and the Google services you rely on by choosing settings that limit Google's access to your information without impairing your experience.

Find out what private information Google considers 'public'

Chances are, Google has your name, a photo of your face, your birthday, gender, other email addresses you use, your password and phone number. Some of this is listed as public information (not your password, of course). Here's how to see what Google shares with the world about you.

1. Open a browser window and navigate to your Google Account page.
2. Type your Google username (with or without "@gmail.com").
3. From the menu bar, choose Personal info and review the information. You can change or delete your photo, name, birthday, gender, password, other emails and phone number.
4. If you'd like to see what information of yours is available publicly, scroll to the bottom and select Go to About me.
5. You can then back out and make changes. There's currently no way to make your account private.

Take a look at Google's record of your online activity

If you want to see the motherlode of data Google has on you, follow these steps to find it, review it, delete it or set it to automatically delete after a period of time. If your goal is to exert more control over your data but you still want Google services like search and maps to personalize your results, we recommend setting your data to autodelete after three months. Otherwise, feel free to delete all your data and set Google to stop tracking you. For most of the day-to-day things you do with Google you won't even notice the difference.

1. Sign into your Google Account and choose Data & Personalization from the navigation bar.
2. To see a list of all your activity that Google has logged, scroll to Activity controls and select Web & App Activity.
3. If you want Google to stop tracking your web and image searches, browser history, map searches and directions, and interactions with Google Assistant, uncheck both boxes. Otherwise, move on to step 4.
4. Next, click Manage Activity. This page displays all the information Google has collected on you from the activities mentioned in the previous step, all the way back to the day you created your account.
5. To set Google to automatically delete this kind of data either every three or every 18 months, select Choose to delete automatically and pick the timeframe you feel most comfortable with. Google will delete any current data older than the timeframe you specify. For example, if you choose three months, any information older than three months will be deleted immediately.
6. If you'd rather delete part or all of your activity history manually, on the navigation bar choose Delete activity by and choose either Last hour, Last day, All time or Custom range.
7. Once you choose an autodelete setting or manually select which data you want deleted, a popup will appear and ask you to confirm. Select Delete or Confirm.

To make sure your new settings took, head back to Manage Activity (step 4) and make sure whatever's there (if you deleted it all there should be nothing) only goes back the three or 18 months you selected in step 5.

Access Google's record of your location history

Perhaps even more offputting than Google knowing what recipes you've been cooking, what vacation it looks like you're planning or how often you check the Powerball numbers, the precision of Google's record of your whereabouts can be downright chilling, even if you never do anything you shouldn't. Just the fact that if you're signed into Google Maps on a mobile device, Google's eyes are watching your every move is about enough to make you want to leave your phone at home. Thankfully, that's unnecessary. Here's how to access, manage and delete your Google location data:

1. Sign into your Google Account and choose Data & Personalization from the navigation bar.
2. To see a list of all your location data that Google has logged, scroll to Activity controls and select Location History.
3. If you want Google to stop tracking your location, turn off the toggle on this page.
4. Next, click Manage Activity. This page displays all the location information Google has collected on you as a timeline and a map, including places you've visited, the route you took there and back, as well as frequency and dates of visits.
5. To permanently delete all location history, click on the trash can icon and choose Delete Location History when prompted.
6. To set Google to automatically delete this kind of data either every three or every 18 months, select the gear icon and choose Automatically delete Location History then pick the timeframe you feel most comfortable with. Google will delete any current data older than the timeframe you specify. For example, if you choose three months, any information older than three months will be deleted immediately.

To make sure your location data really disappeared, start over with Activity Controls in step 2, then after Manage Activity in step 4, make sure the timeline in the upper left corner is empty and there are no dots on the map indicating your previous locations.

Source Image Courtesy & Thanks
  24. BEIJING/HANGZHOU, China (Reuters) - In China, the sales maxim of ‘know your customer’ is being taken to new lengths. One of the first firms to join an Alibaba Group Holding Ltd program that provides years of consumer shopping history, snack food chain Bestore Co Ltd plans to link facial recognition technology with the e-commerce giant’s account data by the year’s end. For customers opting to have their facial data in Bestore’s systems, that means shop assistants will be able to check on what food they like the moment they enter one of its stores. Bestore, which already offers customers the option of paying with Alibaba’s face scanning tablets, has also started using Alibaba’s other services for more successful marketing. It can now arrange for a person who likes salty food, owns an SUV and probably has a family to receive an ad suggesting suitable Bestore snacks for a Spring holiday road trip, Huang Xiao, Bestore’s head of e-commerce, told Reuters. “With the partnership, our strategies are more focused, sales behaviors are more targeted and resources are better allocated,” Huang said. The Alibaba program, called A100 and which counts Nestle SA and Procter & Gamble Co as clients, is part of a major push by e-commerce giants in China to retool their relationship with merchants - offering them a trove of shopper data in return for broader and closer partnerships. The shift is integral to what Chinese e-commerce firms call ‘new retail’ or ‘boundary-less retail’ - the marrying of data available from internet shopping and gathered through brick-and-mortar stores to provide highly personalized services. It has been enabled by the widespread use of payments by smartphone, the rise of facial recognition technology and Chinese consumer tolerance of data-sharing between businesses. 
Other services Alibaba offers to retail clients include shopper movement ‘heat maps’ to help stores better design the layout of products, as well as its chat app Dingtalk to communicate within their own companies and with customers. SEEKING MORE DATA Keeping merchants happy and signing them up for more services has taken on added urgency for Alibaba and rival JD.com. Both are seeking to diversify amid slowing e-commerce revenue growth at home - due in part to saturated markets in China’s biggest cities, flagging consumer confidence from the U.S.-China trade war and increased competition from rivals such as newly listed Pinduoduo Inc. “For Alibaba and JD.com this is critical for their overall ecosystem because they have pretty much already exhausted the online growth,” said Beijing-based Jason Ding, partner at consulting firm Bain & Company. By providing data-driven tools to retail stores, e-commerce firms can expand the amount of data collected. “It’s not just about money, it’s about continuing to grow, and hopefully they will find a way to monetize that,” he said. JD.com, which provides similar services to Alibaba, says it helped U.S. diaper brand “Huggies” work out why Chinese competitors were rising in popularity, prompting Huggies to change to a material that is more absorbent and comfortable when wet. That contributed to a 60% rise in Huggies sales on JD.com in 2018, the Chinese firm said. A spokesman for Kimberly Clark, which owns the Huggies brand, declined to comment on the details of its partnership with JD.com. After a trial run of a new product, JD.com said it creates a ‘profile’ of a potential buyer based on early sales that is cross-checked with its entire userbase, before targeted ads are sent to close matches. Other tools JD.com offers to retail clients include a customer service chatbot powered by artificial intelligence that can “sense” the mood of customers, and adjust its tone to appear more empathetic. 
It has also rolled out checkouts in some Hong Kong convenience stores that can scan several items at once and charge customers using their ID-linked accounts, which it says cuts the average checkout time by 30%. FREE FOR NOW Both JD.com and Alibaba executives say they are not charging companies for most data services at the moment, noting the new partnerships facilitate sales of other services such as cloud computing and logistics. Nestle, which sells Häagen-Dazs and Nespresso through third-party retail locations in China, says it now has one warehouse instead of four after tapping into data at Alibaba distribution centers which give real-time updates on orders. “You don’t have to carry huge inventory in your warehouse,” said Rashid Qureshi, chief executive of Nestle’s Greater China business, adding it’s the first time Nestle has integrated an e-commerce firm’s data into its own systems. Where previously Bestore and Nestle would have dealt with different parts of the Alibaba empire for delivery, payments, cloud computing and messaging, they now work with one Alibaba team dedicated to their company which organizes a range of tailored services. “It’s a change that subverts the way our entire company has operated,” Alibaba’s Jet Jing told Reuters in an interview. Jing, formerly president of Alibaba’s retail site Tmall, has since become assistant to CEO Daniel Zhang. Alibaba has not disclosed how many companies are currently participating in its A100 program, but some analysts say for now only big firms will be able to benefit as smaller firms do not have the funds to justify major organizational changes. One risk for retailers, however, is that they may become overly dependent on their e-commerce partners. The Chinese market remains tough for brands to crack independently and Alibaba and JD.com represent the two biggest online retail channels into the country. In the face of such tough competition, Amazon.com Inc said in April it is shutting its China online store. 
“It’s a must for the brands to be involved,” says Bain & Company’s Ding. “But everyone would like to have a balance and not put their eggs in one basket.” More broadly, questions remain over how big e-commerce firms manage their data in a way that is fair to all parties using their services. EU regulators in September launched a preliminary antitrust investigation into Amazon over concerns it is collecting similar data from brands that it might use to boost competing products of its own. Alibaba and JD.com do not produce their own products but both have made significant investments in retail stores including experimental grocery and convenience store formats. Source
  25. PARIS (Reuters) - Facebook has agreed to hand over the identification data of French users suspected of hate speech on its platform to judges, France’s minister for digital affairs Cedric O said on Tuesday, adding the deal was a world first. The move by the world’s biggest social media network comes after successive meetings between Facebook’s founder Mark Zuckerberg and French President Emmanuel Macron, who wants to take a leading role globally on the regulation of hate speech and the spread of false information online. So far, Facebook has cooperated with French justice on matters related to terrorist attacks and violent acts by transferring the IP addresses and other identification data of suspected individuals to French judges who formally demanded it. Following a meeting between Nick Clegg, Facebook’s head of global affairs, and O last week, the social media company has extended this cooperation to hate speech. “This is huge news, it means that the judicial process will be able to run normally,” O, a former top adviser to Macron, told Reuters in an interview. “It’s really very important, they’re only doing it for France.” O, who said he had been in close contact with Clegg over the last few days on the issue, said Facebook’s decision was the result of an ongoing conversation between the internet giant and the French administration. Facebook declined to comment. The discussions started off with a Zuckerberg-Macron meeting last year, followed by a report on tech regulation last month that Facebook’s founder considered could be a blueprint for wider EU regulation. Facebook had refrained from handing over identification data of people suspected of hate speech because it was not compelled to do so under U.S.-French legal conventions and because it was worried countries without an independent judiciary could abuse it. 
France’s parliament, where Macron’s ruling party has a comfortable majority, is debating legislation that would give the new regulator the power to fine tech companies up to 4% of their global revenue if they don’t do enough to remove hateful content from their network. Source