Tag Archives: Privacy

WhatsApp Announces Chat Lock

Meta, ,

WhatsApp posted on its blog “Chat Lock” Making your most intimate conversations even more private”. The purpose of this new feature appears to give users a more secure way to protect their intimate conversations behind one more layer of security. From the blog post:

Our passion is to find new ways to help keep your messages private and secure. Today, we’re excited to bring to you a new feature we’re calling Chat Lock, which lets you protect your most intimate conversations behind one more layer of security,

Locking a chat takes that thread out of the inbox and puts it behind its own folder that can only be accessed with your device password or biometric, like a fingerprint. It also automatically hides the content of that chat in notifications, too.

We think this feature will be great for people who have reason to share their phones from time to time with a family member of those moments where someone else is holding your phone at the exact moment an extra special chat arrives.You can lock a chat by tapping the name of a one-to-one or group and selecting the lock option. To reveal these chats, slowly pull down on your inbox and enter your phone password or biometric.

Over the next few months, we’re going to be adding more options for Chat Lock, including locking for companion devices and creating a custom password for your chats so that you can use a unique password different from the one you use for your phone.

Engadget reported that Chat Lock should allow users to keep certain conversations more private. The tool lets you lock any conversation, which it places in a specialized folder that is only accessible via biometrics, like a fingerprint or a face scan, or by entering a current password.

According to Engadget, WhatsApp says they’re busy prepping for more features for Chat Lock, like the ability to create a custom password for each chat and a tool to lock chats across multiple devices. Parent company Meta has been extraordinarily busy trying to keep WhatsApp safe and reliable, as it recently beefed up the verification system to hinder would-be scammers and added more options to deal with disappearing messages.

iPhone in Canada reported that Meta CEO Mark Zuckerberg commented on Chat Lock, saying “New locked chats in WhatsApp make your conversations more private. They’re hidden in a password protected folder and notifications won’t show sender or message content.”

Chat Lock brings further privacy to conversations and is something iMessage should integrate at some point as well. There’s nothing worse than seeing some embarrassing notifications pop up from your group chats that aren’t silenced, iPhone in Canada reported. On iPhone, it is possible to lock down the opening of WhatsApp with Face ID or Touch ID, but that doesn’t stop or hide notifications from chats.

iPhone in Canada also reported: We’re not seeing WhatsApp Chat Lock in Canada yet, but if you are, let us know.

To me, it makes sense for WhatsApp to provide the kind of privacy that should be enabled for private, personal chats. This new feature makes WhatsApp one of the most secure apps for people who want to have personal chats with someone special.

Tech Companies Urge Congress to Protect Search and Browsing Data

Privacy,

Several tech companies are asking the U.S. House of Representatives to pass legislation that would prevent the FBI from obtaining people’s browser history without a warrant. The tech companies include: Mozilla, Reddit, Twitter, and Patreon.

Mozilla Corporation, Engine, Reddit, Inc., Reform Government Surveillance, Twitter, i2Coalition, and Patreon sent a letter to Speaker Nancy Pelosi, Minority Leader Kevin McCarthy, Chairman of the U.S. House Committee on the Judiciary Jerry Nadler, and Ranking Member of the U.S. House Committee on the Judiciary. From the letter:

We urge you to explicitly prohibit the warrantless collection of internet search and browsing history when you consider the USA FREEDOM Reauthorization Act (H.R. 6172) next week. As leading internet businesses and organizations, we believe privacy and security are essential to our economy our businesses, and the continued growth of the free and open internet. By clearly reaffirming these protections, Congress can help preserve user trust and facilitate the continued use of the internet as a powerful contributing force for our recovery.

This comes after the U.S. Senate voted down an amendment to the USA Patriot Act that would create a tougher standard for government investigators to collect web search and browsing histories of people in the states.

It was a bipartisan amendment that would have required the Department of Justice to show probable cause when requesting approval from the Foreign Intelligence Surveillance Court to collect the data for counterterrorism or counterintelligence investigations.

Apple Explains Why Newer iPhones Share Location Data

Apple,

There’s something strange going on with the iPhone 11 Pro. Security reporter Brian Krebs noticed that the iPhone 11 Pro intermittently seeks the user’s location information even when all applications and system services on the phone are individually set to never request this data.

On Nov. 13, KrebsOnSecurity contacted Apple to report this as a possible privacy bug in the new iPhone Pro and/or in iOS 13.x, sharing a video showing how the device still seeks the user’s location when each app and system service is set to “never” request location information (but with the main Location Data service still turned on).

You can watch that video on the KrebsOnSecurity website. The first response from Apple came from an Apple engineer that described what was happening as “expected behavior”. The engineer stated: “It is expected behavior that the Location Services icon appears in the status bar when Location Services is enabled. The icon appears for system services that do not have a switch in Settings.”

Personally, I think that’s really creepy. Brian Krebs rightfully pointed out that what is happening seems to contradict Apple’s recent commercials, which emphasize that Apple respects users privacy. I find it troubling that some of the newest Apple phones have been collecting location data without the user’s permission or knowledge. I also wonder why Apple failed to turn off something that they clearly were aware of. It feels sneaky.

Later, Apple provided more information to KrebsOnSecurity. The short version is that the behavior (which I think of as location tracking) is connected to a “new short-range technology that lets iPhone 11 users share files locally with other nearby phones that support this feature.” Apple said a future version of its mobile operating system will allow users to disable it. You can read more about this on KrebsOnSecurity.

Facebook Portal Will Spy On You After All

Facebook, Privacy, , , ,

As reported by Recode, and with a small dose of “Told you so“, Facebook has clarified that it will spy on you using its new Portal devices after all.

In an email sent to Recode, Facebook said, “Portal voice calling is built on the Messenger infrastructure, so when you make a video call on Portal, we collect the same types of information (i.e. usage data such as length of calls, frequency of calls) that we collect on other Messenger-enabled devices. We may use this information to inform the ads we show you across our platforms. Other general usage data, such as aggregate usage of apps, etc., may also feed into the information that we use to serve ads.

I don’t have to put up with this kind of privacy abuse when I use my landline or my smartphone to make a voice call. Why should it be acceptable at all just because it’s a video call?

Imagine I phoned a retailer using their toll-free number and then I was phoned a few days later by a competitor, perhaps offering a discount. The phone company had sold my phone number to the competitor on the basis of the original call. Now, I’m fairly sure that would be flat out illegal in most countries – I’m not a lawyer but I’m pretty sure in Europe the GDPR regulations would stop that – but here we are with Facebook potentially showing us ads on the basis of who we talk to. This is just wrong, wrong, wrong.

I am increasingly of the opinion that these social media giants need regulation to ensure our rights are maintained. Keeping private both conversations, and the data about conversations, would be a very good place to start.

Shhh! It’s a Secret!

Privacy, Security, ,

Shhh!The past few weeks have seen most of the tech industry line up against law enforcement and intelligence agencies over the matter of encryption and privacy. I particularly liked Google’s recent conversion to privacy as it wasn’t that long ago that Eric Schmidt, Google CEO, said that, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

Moving on, there’s been a great deal of emphasis on the privacy aspect, but few have noted that encryption is mainly about secrecy, and that privacy and secrecy are not the same thing. If you do think that privacy and secrecy are the same thing, consider this, “It’s no secret that you go to the restroom, but it’s something you do in private.” I can’t claim credit for this – Bruce Schneier was discussing this over ten years ago and I thoroughly recommend you read some of his recent posts on the matters too.

You might also like to think of it this way; a private home v. secret hide-out. The former is in plain sight but restricted to the owner and his guests, whereas the latter is hidden and known only to a select few.

With a better understanding of the difference between privacy and security, a more reasoned debate can take place, which needs to be agnostic of the technology, to decide the rights of the individuals and the responsibilities of law enforcement.

Ask yourself some questions, “Should what person X does (on their phone) be private?” and “Should what person X does (on their phone) be secret?”. Remember, person X might be you, your family, your friends, your colleagues; person X might be suspects, criminals, murderers, terrorists, paedophiles; person X might be freedom fighters, democracy activitists, oppressed women, abused spouses, LGBT members. You get the picture, person X might be someone you approve of, or they might be someone you don’t like.

The easy answer is to say that person X should have privacy but not secrecy. Does this guard against wholesale monitoring of communication by intelligence agencies? Snowden has shown that this happened and I think most people would see this as an overreach of their authority with no legal oversight. But once person X has come to the attention of the authorities, does that strip away any right to privacy? What level of suspicion is needed, what evidence is required, what is the process of law? None of these have easy answers.

Undoubtedly this is a complex affair with hyperbole, thin-end-of-wedge-ism, and freedom protestors in dictatorships by the bucket load. For certain, we need to move this away from the technology and into human, societal and legal rights. Nothing is black and white, but this is about the future and the world we want to live in. Personally, I firmly believe in privacy, but I’m not so sure about secrecy. I use encryption on my phone as reassurance that should I lose my phone, important data won’t be misused by the finder. Generally I feel that wrong-doers, alleged or otherwise, shouldn’t have secrets, but I’m always concerned about the abuse of power. As always, “Who watches the watchers?”

(The other curious thing to consider is regarding dead people. Generally, they don’t have the same legal rights as living people. What would this mean?)

eBlocker Pro Protects Online Privacy at CES

internet, , ,

eblockerGuarding your privacy online can be a real challenge. There are so many systems out there designed to track your every mouse click, it’s impossible to try and keep track of them all. And while you can give yourself a baseline level of protection by adjusting some browser settings, that may not be enough to keep you truly guarded. Many different companies have come up with tools to help users maintain their online privacy and eBlocker is the latest to enter this field.

At CES 2016, the company has announced its eBlocker Pro device. Unlike many other privacy protection systems that rely on software solutions, eBlocker Pro is a piece of hardware that easily connects to a home network. From there, eBlocker Pro protects all of the devices connected to the network by cloaking their IP addresses, and blocks all ads and trackers, allowing you to truly surf the web anonymously. eBlocker Pro also has a customizable service for shared devices called eBlocker Family. This allows administrators (i.e. parents) to whitelist or block certain websites, based on who’s using a device. eBlocker Family is especially designed for situations where family members are sharing a device like a tablet or a desktop computer.

eBlocker can be found during CES 2016 in the Sands G/Eureka Park building, booth #80432.

Public Outcry Over New Spotify Terms of Service

Security, ,

Spotify logoSpotify, the Sweden-based media streaming service, received some negative press earlier this week because of some recent changes to its terms of service. Initially, it looked like the company was getting a bit too grabby with users’ personal information. The ToS was updated by adding this language:

With your permission, we may collect information stored on your mobile device, such as contacts, photos, or media files. Local law may require that you seek the consent of your contacts to provide their personal information to Spotify, which may use that information for the purposes specified in this Privacy Policy.

The new terms were first brought to the general public thru a Twitter post by former Minecraft developer Notch. This led to a response from Spotify CEO Daniel Ek. From there, Spotify went into damage control mode, starting with a blog post that’s supposed to clarify the situation.

And while these new terms do look a bit overreaching, the key part to remember is that Spotify won’t be doing anything with your information without your consent. Still, the company could’ve done a better job of clarifying exactly what it’s planning to do with your photos, contacts, and other information.

Considering so much recent news in the tech world has revolved around hacks, leaks, and privacy breaches, all companies doing business online need to be super transparent about these kinds of things going forward if they want to maintain (and grow) their customer bases.