Category Archives: Privacy

WhatsApp Wants to Share User Data with Facebook

WhatsApp logoWhatsApp updated its terms and privacy policy for the first time in four years. Some of those changes are likely to turn off users. In short, WhatsApp wants to share user data with Facebook for the purpose of using it to show you targeted ads. There is a way to opt-out of it.

WhatsApp posted an oddly worded blog post that describes more about what it is about to do. It tries to reassure users that they will still be able to keep in touch with friends and loved ones on WhatsApp. Next, it vaguely suggests that the new terms and privacy policy is intended to benefit companies that want to show you adds. From the blog post:

People use our app every day to keep in touch with loved ones who matter to them, and this isn’t changing. But as we announced earlier this year, we want to explore ways for you to communicate with businesses that matter to you too, while still giving you an experience without third-party banner ads and spam. Whether it’s hearing from your bank about a potentially fraudulent transaction, or getting notified by an airline about a delayed flight, many of us get this information elsewhere, including in text messages and phone calls. We want to test these features in the next several months, but need to update our terms and privacy policy to do so.

The wording implies that WhatsApp thinks that talking with your loved ones is an equally valuable experience as communicating with “businesses who matter to you”. I doubt many users are going to be convinced of that notion. No one joins a social media site or app because they simply cannot wait to connect with businesses and see more ads.

WhatsApp goes on to point out that they will share some user data with Facebook. It assures users that they have “rolled out end-to-end encryption”, and that user messages are encrypted by default.

WhatsApp also states that it won’t post or share your WhatsApp number with others, including on Facebook, and that it also won’t give your phone number to advertisers. Then, WhatsApp suggests that connecting your phone number to Facebook’s systems will enable Facebook to “offer better friend suggestions and show you more relevant ads”.

If you are using both WhatsApp and Facebook, and you want to opt-out of this new change, you can. WhatsApp has instructions on how to do that directly from the app.

Shhh! It’s a Secret!

Shhh!The past few weeks have seen most of the tech industry line up against law enforcement and intelligence agencies over the matter of encryption and privacy. I particularly liked Google’s recent conversion to privacy as it wasn’t that long ago that Eric Schmidt, Google CEO, said that, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

Moving on, there’s been a great deal of emphasis on the privacy aspect, but few have noted that encryption is mainly about secrecy, and that privacy and secrecy are not the same thing. If you do think that privacy and secrecy are the same thing, consider this, “It’s no secret that you go to the restroom, but it’s something you do in private.” I can’t claim credit for this – Bruce Schneier was discussing this over ten years ago and I thoroughly recommend you read some of his recent posts on the matters too.

You might also like to think of it this way; a private home v. secret hide-out. The former is in plain sight but restricted to the owner and his guests, whereas the latter is hidden and known only to a select few.

With a better understanding of the difference between privacy and security, a more reasoned debate can take place, which needs to be agnostic of the technology, to decide the rights of the individuals and the responsibilities of law enforcement.

Ask yourself some questions, “Should what person X does (on their phone) be private?” and “Should what person X does (on their phone) be secret?”. Remember, person X might be you, your family, your friends, your colleagues; person X might be suspects, criminals, murderers, terrorists, paedophiles; person X might be freedom fighters, democracy activitists, oppressed women, abused spouses, LGBT members. You get the picture, person X might be someone you approve of, or they might be someone you don’t like.

The easy answer is to say that person X should have privacy but not secrecy. Does this guard against wholesale monitoring of communication by intelligence agencies? Snowden has shown that this happened and I think most people would see this as an overreach of their authority with no legal oversight. But once person X has come to the attention of the authorities, does that strip away any right to privacy? What level of suspicion is needed, what evidence is required, what is the process of law? None of these have easy answers.

Undoubtedly this is a complex affair with hyperbole, thin-end-of-wedge-ism, and freedom protestors in dictatorships by the bucket load. For certain, we need to move this away from the technology and into human, societal and legal rights. Nothing is black and white, but this is about the future and the world we want to live in. Personally, I firmly believe in privacy, but I’m not so sure about secrecy. I use encryption on my phone as reassurance that should I lose my phone, important data won’t be misused by the finder. Generally I feel that wrong-doers, alleged or otherwise, shouldn’t have secrets, but I’m always concerned about the abuse of power. As always, “Who watches the watchers?”

(The other curious thing to consider is regarding dead people. Generally, they don’t have the same legal rights as living people. What would this mean?)

SmartSafe Brings Data Security To Your Wrist At CES

Ionosys Smart Safe

Our personal data is valuable. With the endless stream of hacks and security breaches flooding the news these days, protecting our private information is more important than ever.

Scott spoke with Stephane Blondeau of Ionosys about the Ionosys SmartSafe. SmartSafe is a wristband that securely stores your passwords, account numbers, and other personal data right on your wrist. The wristband uses a combination of encryption and your personal biometrics to ensure that only you as the owner have access. And with NFC capability, SmartSafe can connect to your other devices, including doors.

SmartSafe will be available in September or October. Price is still to be finalized.

Interview by Scott Ertz of F5 Live: Refreshing Technology.

Become a GNC Insider Today!

Support my Show Sponsor:
30% off on New GoDaddy Orders cjcgnc30
$.99 for a New or Transfered .com cjcgnc99 @
$1.00 / mo Economy Hosting with a free domain. Promo Code: cjcgnc1hs
$1.00 / mo Managed WordPress Hosting with free Domain. Promo Code: cjcgncwp1

Facebook Rolls Out Expanded Privacy Checkup Tool

FacebookHave you ever worried about accidentally sharing too much on Facebook? I don’t mean the concern that it might be inappropriate to share all the details of your hospital stay. Instead, I mean the fear that your post could be read by people you never intended to see it. Facebook is aware of these concerns.

A blog post on Facebook Newsroom gives details about a change to privacy settings that is being rolled out. Current users of Facebook will soon see a “Privacy Checkup” pop-up appear when they make a post.

“We just wanted to make sure you’re sharing with the right people”, it helpfully states. It offers a brief tutorial about each privacy setting, making it easier for users to select how private they want an individual post to be. There will be more “Privacy Checkup” pop-ups later on, if it has been a while since a user has changed who can see his or her posts.

As of May 22, 2014, when a new person joins Facebook, the default audience of their first post will be set to “Friends”. Previous to this change, new users of Facebook had their default audience set to “Public”.

In addition to that, new Facebook users will get an automatic “reminder” that appears when they make their first post. It points to the privacy setting button that is attached to each post and asks “Who would you like to see your post?” If the person chooses to ignore that popup, their post will automatically be set to “Friends”.

Overall, these changes could help prevent Facebook users from embarrassing themselves by posting something publicly that was intended to only be seen by their friends. This change is very similar to one that took effect in October of 2013 that changed the default privacy setting on the posts on Facebook accounts of teens (age 13 through 17). It went from having the default privacy setting be “Friends of Friends” to “Friends” only.

Groups Ask the FTC to Investigate the WhatsApp Deal

WhatsApp logoThe Electronic Privacy Information Center and the Center for Digital Democracy are asking the Federal Trade Commission (FTC) to investigate how the WhatsApp deal will impact the privacy of its users. Facebook acquired WhatsApp just a few weeks ago.

The concern is that Facebook will use the personal information of WhatsApp’s more than 450 million users to target advertising. Those who started using WhatsApp before it was acquired by Facebook were told that WhatsApp would not collect user data for advertising revenue. The complaint states:

Facebook routinely makes use of user information for advertising purposes and has made clear that it intends to incorporate the data of WhatsApp users into the user profiling business model. The proposed acquisition will therefore violate WhatsApp users’ understanding of their exposure to online advertising and constitutes an unfair and deceptive trade practice, subject to investigation by the Federal Trade Commission.

On June 18, 2012, WhatsApp posted a blog titled “Why we don’t sell ads”. Perhaps the key point is this sentence: “Remember, when advertising is involved you the user are the product.”

WhatsApp also posted a blog on February 19, 2014, titled “Facebook”. It is about the acquisition. The key point from that blog might be this sentence: “Here’s what will change for you, our users: nothing.” The blog promises that users can still count on absolutely no ads interrupting their communication through WhatsApp. Facebook has issued a statement indicating that they will honor WhatsApps commitments to privacy and security.

This situation reminds me of some words of wisdom that gets passed around. You cannot be certain that anything posted on “the internet” (on a blog, in a chat, or through social media) will be kept private forever. That being said, I can understand why users of WhatsApp feel betrayed. WhatsApp promised not to sell their data for adverting purposes. Will Facebook keep that promise? It will be very interesting to see what the FTC thinks about this situation.

Twitter Restores Block Functionality

Twitter logoTwitter very recently made a change to what happens when a user blocks another one. After receiving lots of feedback, Twitter announced that it was going to restore block functionality back to the way that it originally was. It kind of surprised me how quickly Twitter responded to user feedback on this issue.

Previous to this whole situation, a person who has a Twitter account could chose to block another user. Doing so prevented that other user from being able to contact them. A person who had been blocked could not:

* Follow the person who had blocked them
* Retweet anything from the person who blocked them
* Send a Tweet to a person who blocked them
* Send a direct message to a person who blocked them
* Read the Tweets of the person who blocked them (at least, not directly through their blocked account)

Twitter briefly instituted a change to its block functionality. In short, the new change would have worked more like a “mute” instead of a block. You block a person who is harassing you. The new change would mean you would no longer see anything that person tweeted. But, it would no longer prevent that blocked user from contacting you, retweeting your tweets, or sending you direct messages.

Lots of people on Twitter were very upset by this change. I saw tweets about it that included #RestoreTheBlock. For many people, Twitter felt a lot less safe. The new change meant that the people you blocked (so you could avoid their harassment) could go ahead and continue to threaten you.

Twitter responded by putting the block functionality back to what it was before the (brief) change. Part of Twitter’s blog about this situation notes that they want people to feel safe while using their platform.

It appears that part of the reason why they made the change was because Twitter was getting feedback from users who had been blocked – and who were angry about it. Twitter appears to have made the change to prevent “post-blocking retaliation”.

The new change would have prevented a blocked user from realizing that he or she had been blocked. Unfortunately, it would also have made Twitter unsafe for the person who did the blocking. Kudos to Twitter for its rapid response to users feedback about their desire to have the block functionality restored!

Facebook Changes Privacy Options for Teens

FacebookParents who have a teenager that uses Facebook may want to take a minute or two and familiarize themselves with a new privacy change. Facebook announced that it is going to allow teens more options when it comes to privacy. This affects Facebook users who are between the ages of 13 and 17.

Previously, when a teenager joined Facebook, his or her posts were automatically set to allow “Friends of Friends” to see that post. The teen had the option to change individual posts to “Friends” only.

As of October 16, 2013, when people age 13 through 17 sign up for an account on Facebook, their first post will automatically be set to be seen by “Friends” only. All future posts made by that teen will be available to “Friends” only (unless the teen chooses to change that option).

In other words, this change allows teens to make a decision about whether or not to post something with the setting of “Friends”, or “Friends of Friends” or “Public”. Teens will also get extra reminders that pop up if they choose to make a post “Public”. The reminder will say:

Did you know that public posts can be seen by anyone, not just people you know? You and any friends you tag could end up getting friend request messages from people you don’t know personally.

If the teen reads that, and makes the decision to go ahead and make that post “Public”, another reminder will pop up. It points out, again, that sharing with “Public” means that anyone (not just people you know) may see your post.

It seems to me that this change might make teens more aware of who, exactly, can see what they post on Facebook. I cannot help but wonder if this might help prevent some of the online bullying that goes on. A teenager who has concerns about being bullied could make all of his or her posts set to “Friends” only. That teen could also remove people from his or her “Friends” list that are problematic.

On the other hand, this change also would allow teens to share all of their posts as “Public”. Parents may want to have a discussion with their teenagers who use Facebook and make sure their teen fully understands that “Public” really does mean everyone can see what was posted.

Google + is Adding Shared Endorsements

GoogleGoogle has changed its Terms of Service in a way that some people are not going to like. As of November 11, 2013, your Google Profile name and photo may appear in Shared Endorsements. In short, this means that your name and image may be placed into advertisements (without notifying you before it happens).

This reminds me a lot of the Sponsored Stories that appear on Facebook. I cannot think of a more obvious way for a social media company to proclaim that it sees users as living, breathing, advertisements.

Neither Facebook’s Sponsored Stories, nor the Shared Endorsements from Google +, will result in paying the people that are includes in ads. One difference is that the Google + Shared Endorsements are not limited to Google +. Your Google Profile name and photo could also pop up in the Google Play music store.

You have a couple of options if you want to avoid becoming part of an ad on Google +. The most obvious way to do this would be to quit using Google +. Not everyone is going to want to immediately go with the “nuclear option” though.

Another way to try and avoid becoming an ad is to go into the Google Account Settings and opt-out. Look for a box that has already been checked for you. Next to that box, it says: Based upon my activity, Google may show my name and profile photo in shared endorsements that appear in ads. Uncheck that box! Don’t forget to click “save”.

There is another difference between Facebook’s Sponsored Stories and the Shared Endorsements from Google. Facebook automatically assumes that parents of users who are under the age of 18 have given Facebook permission to use their child’s name and photos in ads.

There is a note at the bottom of the Shared Endorsements information in the Google Account Settings. It reads: If you are under 18, you may see shared endorsements from others but your own name and profile will not be paired with endorsements in ads and certain other contexts.

Your Facebook Page Can Appear in Search Results

FacebookFacebook has made yet another change that will affect how private your Facebook page is. A new change will allow anyone who uses Facebook to find your page simply by typing your name into the Facebook search bar. Now is a good time to manually change the privacy settings on your posts.

Michael Richter, Chief Privacy Officer for Facebook posted more information about this privacy change on the Facebook Newsroom blog. Facebook will be removing an old setting that had the clunky name of “Who can look up your Timeline by name?” very soon. The decision to remove it was announced a year ago, but the removal did not happen until now.

He had a few suggestions about how to control what people see on your Facebook page. You are able to change the privacy setting of each, individual, post. Change the setting to Friends instead of Friends of Friends or Public. This can be done for old posts and new ones.

You can use your Activity Log to review what you have already shared. This allows you to easily find things that you would like to delete. Somewhere in there is the option to untag photos and to change the privacy settings of past photos.

The other suggestion is somewhat out of your control. You can ask your Facebook Friends to delete or remove things that are on their pages that you are involved in. Hopefully, your Friends will decide to respect your request.

It is also possible to go into “Privacy Settings and Tools” and limit who can see what is already on your Facebook page. Look for the setting called “Limit the audience for posts you’ve shared with friends of friends or public”. Michael Richter says this will allow you to limit all of those posts to only Friends “with one click”.

For a while, Facebook will put up a notice that reminds users that “sharing with public” means that anyone can see the post you are about to make. There is one exception. According to CNET, your Timeline will not be visible to the people whom you have blocked on Facebook.

Facebook Admits 6 Million Users Affected by Bug

FacebookFacebook made an announcement on the Facebook Security page that a bug has affected approximately 6 million Facebook users. This bug allowed user’s email and/or phone number to be accessed by people who “either had some contact information about that person or some connection to them”. From the Facebook post:

We’ve concluded that approximately 6 million Facebook users had email addresses or telephone numbers shared. There were other email addresses or telephone numbers included in the downloads, but they were not connected to any Facebook users or even names of individuals. For almost all of the email addresses or telephone numbers impacted, each individual email address or telephone number was only included in a download once or twice. This means, in almost all cases, an email address or telephone number was only exposed to one person. Additionally, no other types of personal information or financial information were included and only people on Facebook – not developers or advertisers – have access to the DYI tool.

The “DYI” tool is the “Download Your Information” tool. The short answer about what happened is that people were using it to download an archive of their own Facebook account. When they did this, “they may have been provided with additional email address or telephone numbers for their contacts or people with whom they have some connection”.

Facebook says it confirmed the bug, then immediately disabled the DYI tool. They turned it back on after fixing the bug. According to Reuters, the data leaks from this bug began in 2012 and were a “year long data breach”.