Category: TECH

Startpage announced on September 28, 2019 on the official Startpage blog that Privacy One Group Ltd has made an investment in Startpage.com. The announcement revealed that the relationship between the two groups started in January 2019 and that Startpage will continue to deliver “quality, unbiased search results while respecting online privacy and never storing consumer data” going forward.

The Internet has little information about Privacy One Group Ltd.  A Limited companies search returns no hits and most information that is available online has been published after the Startpage announcement.

Startpage revealed in the press release that Privacy One Group Ltd is owned by System1; that fact and the lack of information surrounding Privacy One Group Ltd caused uncertainty and confusion.

A search for System1 returns more information. The company operates out of London and it becomes clear quickly that it is an advertising company.

At System1 we use behavioural and marketing science to help brands and marketers achieve profitable growth with zero waste. Our systems produce outcomes, not just insights, and our solutions are based in the fast and easy decisions people make every day.

To summarize: an advertising company (System1) has a “separate operating unit” that focuses on user privacy (Privacy One Group) that acquired a stake (how much) of the privacy focused search engine Startpage.

It is clear that such a scenario would raise questions. What is Privacy One Group Ltd all about? How much control do the original owners of Startpage still have over the company and the decision making processes? Does System1 benefit in any way?

These questions have not been answered.

Privacytools.io delisted Startpage after trying to get answers; this means that the service no longer recommends Startpage. PrivacyTools notes in the announcement that it has no evidence of Startpage violating its privacy policies and that the decision was based on a number of unanswered questions and Startpage’s evasive behavior in regards to these questions.

In particular, PrivacyTools wants to know:

• The percentage of stakes that System1 / Privacy One Group Ltd acquired from Surfboard Holding B.V.
• The current percentage of ownership by System1.
• Information about Privacy One Group Ltd including its corporate structure, country of registration and operation.
• Data flow diagrams to indicate which data flows to outside organizations.

CONTINUE @ GH HACKS

Activists from Fight for the Future mounted the protest in Washington, DC, on Thursday.

Three protesters wearing white jumpsuits bearing signs saying “Facial Recognition in Progress” scanned the faces of passersby using smartphones mounted on their heads. They used Amazon’s commercially available facial-recognition software, called Rekognition.

The protesters were making the point that facial recognition remained unregulated in the US. Private companies and the US government are increasingly adopting the technology, prompting fears of surveillance creep.

The protesters focused on the halls of Congress as well as busy metro stops, and they were looking in particular for members of Congress, journalists, and Amazon lobbyists, according to a press release.

The protest was livestreamed, and a tally was kept of how many people they scanned. The final count was 13,740, including 25 lobbyists, seven journalists, and one congressman, Democratic Rep. Mark DeSaulnier of California.

The website where the protest was livestreamed allows people to upload their picture to check whether they were among the 13,740 faces scanned. Fight for the Future says it will delete all the photos and data after two weeks.

“This should probably be illegal, but until Congress takes action to ban facial-recognition surveillance, it’s terrifyingly easy for anyone — a government agent, a corporation, or just a creepy stalker — to conduct biometric monitoring and violate basic rights at a massive scale,” Fight for the Future’s deputy director, Evan Greer, said in a statement. “We did this to make a point.”

CONTINUE @ BI

As connected devices such as voice assistants, security cameras, and smart appliances grow in popularity, the homes and offices where they are installed become increasingly filled with a dense web of Wi-Fi signals.

A new study from University of Chicago and University of California, Santa Barbara researchers finds that external attackers can use inexpensive technology to turn these ambient signals into motion detectors, monitoring activity inside a building without being detected themselves.

With only a small, commercially available Wi-Fi receiver, an attacker from outside the target site can measure the strength of signals emitted from connected devices and monitor a site remotely for motion, sensing whether a room is occupied. The research, led by leading UChicago computer scientists Heather Zheng and Ben Zhao, reveals the technique of these attacks as well as potential defenses.

“It’s what we call a silent surveillance attack,” said Zheng, a Neubauer Professor of Computer Science at the University of Chicago and expert on networking, security and wireless technologies. “It’s not just about privacy, it’s more about physical security protection. By just listening to existing Wi-Fi signals, someone will be able to see through the wall and detect whether there’s activity or where there’s a human, even without knowing the location of the devices. They can essentially do a monitoring surveillance of many locations. That’s very dangerous.”

The research builds upon earlier findings that exposed the ability to “see through walls” using Wi-Fi signals. However, previous methods detected indoor activity by sending signals into the building and measuring how they are reflected back to a receiver, a method that would be easy to detect and defend against. The new approach requires only “passive listening” to a building’s existing Wi-Fi signals, does not need to transmit any signals or break encryption, and grows more accurate when more connected devices are present, raising significant security concerns.

CONTINUE @ CHICAGO.EDU

More than 60% of Americans think it’s impossible to go through daily life without being tracked by companies or the government, according to a new Pew Research study. The results provide important context on the long-running question of how much Americans really care about privacy.

Read the room: It’s not just that Americans (correctly) think companies are collecting their data. They don’t like it. About 69% of Americans are skeptical that companies will use their private information in a way they’re comfortable with, while 79% don’t believe that companies will come clean if they misuse the information.

When it comes to who they trust, there are differences by race. About 73% of black Americans, for instance, are at least a little worried about what law enforcement knows about them, compared with 56% of white Americans. But among all respondents, more than 80% were concerned about what social-media sites and advertisers might know.

Despite these concerns, more than 80% of Americans feel they have no control over how their information is collected.

The small print: Very few people read privacy policies, the survey shows. That’s understandable. A review of 150 policies from major websites found that the average one takes about 18 minutes to read and requires at least a college-level reading ability. Few people have time for that—and even if they did, most people are forced to agree anyway if they really need the service.

How did we get here? It’s understandable that Americans are concerned. Ever since the Facebook–Cambridge Analytica data scandal, there has been a constant parade of stories about how data is collected and monitored. Apps know our location and don’t keep it secret.

CONTINUE @ MIT

5G is faster and more secure than 4G. But new research shows it also has vulnerabilities that could put phone users at risk.

Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic or silently disconnect a 5G-connected phone from the network altogether.

5G is said to be more secure than its 4G predecessor, able to withstand exploits used to target users of older cellular network protocols like 2G and 3G like the use of cell site simulators — known as “stingrays.” But the researchers’ findings confirm that weaknesses undermine the newer security and privacy protections in 5G.

Worse, the researchers said some of the new attacks also could be exploited on existing 4G networks.

The researchers expanded on their previous findings to build a new tool, dubbed 5GReasoner, which was used to find 11 new 5G vulnerabilities. By creating a malicious radio base station, an attacker can carry out several attacks against a target’s connected phone used for both surveillance and disruption.

In one attack, the researchers said they were able to obtain both old and new temporary network identifiers of a victim’s phone, allowing them to discover the paging occasion, which can be used to track the phone’s location — or even hijack the paging channel to broadcast fake emergency alerts. This could lead to “artificial chaos,” the researcher said, similar to when a mistakenly sent emergency alert claimed Hawaii was about to be hit by a ballistic missile amid heightened nuclear tensions between the U.S. and North Korea. (A similar vulnerability was found in the 4G protocol by University of Colorado Boulder researchers in June.)

Another attack could be used to create a “prolonged” denial-of-service condition against a target’s phone from the cellular network.

In some cases, the flaws could be used to downgrade a cellular connection to a less-secure standard, which makes it possible for law enforcement — and capable hackers — to launch surveillance attacks against their targets using specialist “stingray” equipment.

All of the new attacks can be exploited by anyone with practical knowledge of 4G and 5G networks and a low-cost software-defined radio, said Syed Rafiul Hussain, one of the co-authors of the new paper.

CONTINUE @ TECH DIRT

Facebook once tried to buy Musical.ly, the Chinese lip-syncing app which was eventually acquired by Chinese social media giant ByteDance and merged with its app Douyin to form viral video app TikTok, according to reports from BuzzFeed and Bloomberg.

Three sources familiar with the talks told BuzzFeed’s Ryan Mac that Facebook spent the second half of 2016 trying to buy the Shanghai-headquartered Musical.ly in an attempt to break into the Chinese market. These sources said that while the talks were “serious” they never came to frutition with Facebook unable to close the deal.

ByteDance bought Musical.ly in 2017.

Bloomberg’s reporting differs, with a source saying that Facebook walked away out of “concern about the app’s young user base and Chinese ownership.”

The reports add a slightly different tenor to Mark Zuckerberg’s recent remarks about TikTok and China.

The Facebook CEO has been sounding the alarm against TikTok, criticizing the platform for censoring its users and scrubbing content that might displease the Chinese government. TikTok has denied censorship.

At the same time US senators are starting to scrutinise ByteDance and TikTok more closely. Earlier this month the company skipped a senate hearing on China and big tech, and were consequently “empty-chaired.”

CONTINUE @ BI

Google now has access to detailed medical records on tens of millions of Americans, but the company promises it won’t mix that medical data with any of the other data Google collects on consumers who use its services.

Google provided this statement yesterday shortly after The Wall Street Journal reported that Google is partnering with Ascension, the country’s second-largest health care system, “on a project to collect and crunch the detailed personal-health information of millions of people across 21 states.”

“To be clear: under this arrangement, Ascension’s data cannot be used for any other purpose than for providing these services we’re offering under the agreement, and patient data cannot and will not be combined with any Google consumer data,” Google said in a blog post. That would mean Google won’t use the medical data to target advertisements at users of Google services.

Google also said that its work with Ascension “adheres to industry-wide regulations (including HIPAA) regarding patient data, and come[s] with strict guidance on data privacy, security, and usage.”

“We have a Business Associate Agreement (BAA) with Ascension, which governs access to Protected Health Information (PHI) for the purpose of helping providers support patient care,” Google said. “This is standard practice in health care, as patient data is frequently managed in electronic systems that nurses and doctors widely use to deliver patient care.”

What can Google see? Pretty much everything

Patient data shared with Google includes names, birth dates, addresses, family members, allergies, immunizations, radiology scans, hospitalization records, lab tests, medications, medical conditions, “and some billing claims and other clinical records,” according to a followup article in the Journal. The partnership “covers the personal health records of around 50 million patients of Ascension,” the Journal wrote.

The Journal said that “Neither doctors nor patients have been formally notified of the arrangement” and that Google and Ascension began the project “in secret last year.”

Google seems to be correct that the partnership doesn’t violate HIPAA (the Health Insurance Portability and Accountability Act). As the Journal noted, that law “generally allows hospitals to share data with business partners without telling patients, as long as the information is used ‘only to help the covered entity carry out its health care functions.'” An expert quoted by the Journal noted that Google would be at risk of violating the law “if it uses the health data to perform independent research outside the direct scope of patient care.”

CONTINUE @ ARS

iPhone owners, beware. It appears Facebook might be actively using your camera without your knowledge while you’re scrolling your feed.

The issue has come to light after a user going by the name Joshua Maddux took to Twitter to report the unusual behavior, which occurs in the Facebook app for iOS. In footage he shared, you can see his camera actively working in the background as he scrolls through his feed.

The problem becomes evident due to a bug that shows the camera feed in a tiny sliver on the left side of your screen, when you open a photo in the app and swipe down. TNW has since been able to independently reproduce the issue.

Here’s what this looks like:

Found a @facebook #security & #privacy issue. When the app is open it actively uses the camera. I found a bug in the app that lets you see the camera open behind your feed. Note that I had the camera pointed at the carpet. pic.twitter.com/B8b9oE1nbl

— Joshua Maddux (@JoshuaMaddux) November 10, 2019

Maddux adds he found the same issue on five iPhone devices running iOS 13.2.2, but was unable to reproduce it on iOS 12. “I will note that iPhones running iOS 12 don’t show the camera (not to say that it’s not being used),” he said.

CONTINUE @ TNW

Below is a list of Android Secret Codes that can alert users if anything is amiss with their phone. This is a great tool if your operating on the other side of the law. Hopefully, your not that stupid since we all know cell phones are Big Brother tracking devices.

Continue reading “Comprehensive List of Android Secret Codes” →

Are you still putting your cell phone number on your business card?

If that’s you, please take the time to watch this eye-opening video brought to you by Security Researcher.

Continue reading “Security expert: Don’t put your cell phone number on a business card” →

Poor governance and privacy concerns have knocked Facebook out of an influential ethics index that tracks socially responsible companies.

Continue reading “Facebook removed from S&P list of ethical companies after data scandals” →

Walmart is using computer vision technology to monitor checkouts and deter potential theft in more than 1,000 stores, the company confirmed to Business Insider.

The surveillance program, which Walmart refers to internally as Missed Scan Detection, uses cameras to help identify checkout scanning errors and failures.

Continue reading “Walmart reveals it’s tracking checkout theft with AI-powered cameras in 1,000 stores” →