Category Archives: privacy

Privacy features in iOS 14

Abstract

Apple has launched iOS version 14 and it has lots of good features however, most noticeable features are in privacy and security. Here is the list of major privacy features:

  • Not Every App Can Access Your Precise Geo location
  • Password Monitoring
  • Privacy Report
  • Camera/Mic Recording Indicator: Recording light when an app is using your iPhone’s camera or microphone 
  • Control On Cross-App Tracking
  • Limited Photos Library Access for Selected App
  • many more..

Read more in for details

https://www.forbes.com/sites/kateoflahertyuk/2020/06/23/apple-ios-14-revealed-3-awesome-iphone-security-features-youll-want-now/#2f45b066e7a6

https://thehackernews.com/2020/06/ios14-macos-big-sur-privacy.html

Browser privacy study: Brave browser is best for privacy & fast browsing

Abstract

We study six browsers: Google Chrome, Mozilla Firefox, Apple Safari, Brave Browser, Microsoft Edge and Yandex Browser. Chrome is by far the most popular browser, followed by Safari and Firefox. Between them these browsers are used for the great majority of web access. Brave is a recent privacyorientated browser, Edge is the new Microsoft browser and Yandex is popular amongst Russian speakers (second only to Chrome).

In summary, based on our measurements we find that the browsers split into three distinct groups from this privacy perspective.

  • In the first (most private) group lies Brave
  • In the second Chrome, Firefox and Safari
  • And in the third (least private) group lie Edge and Yandex.

Used “out of the box” with its default settings Brave is by far the most private of the browsers studied. We did not find any use of identifiers allowing tracking of IP address over time, and no sharing of the details of web pages visited with backend servers

References

Web Browser Privacy: What Do Browsers Say When They Phone Home? https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

Brave beats other browsers in privacy study

Impressive security & privacy features of Firefox

When we all know that surveillance business has got free hand for long time but things are changing now. Not only Govts (i.e European union, USA, Germany) as an individual we are more cautious about our privacy. Privacy regulations like GDPR has made big impact. Big giants have no option but to regulate themselves or pay huge fine. We all know that Google & facebook have paid huge fine recently. We should also acknowledge facebook scandals contribution in whole privacy movement.

In a very recent move, Firefox has announced few important & impressive security features and some of them listed here:

Enhanced tracking protection

Firefox will be made available to new users with enhanced tracking protection enabled by default. Those already using Firefox will see the feature rolled out automatically in the coming months. Mozilla says the new feature will stop the “thousands of companies known for tracking” from accessing users’ personal data.

Password protection & inform user about data breaches

Another feature available on all browsers is a central dashboard called Firefox Monitor, originally announced in 2018 as a partnership with Troy Hunt’s Have I Been Pwned website. This is especially impressive because it allows users to search whether their details have been exposed in any known breaches, so they can change their passwords when needed.

For those who cares about security & privacy and don’t want websites to track everything. We could give a try on firefox. Below snapshot shows privacy options you have in Firefox.

Data Privacy: It’s time for the data brokers to be accountable.

You might be wondering why everyone in cyber experts call & I quote “Your Personal data is new oil”. Comparison Oil with Personal data is a metaphor because everyone is after your personal data. It’s the fact that user personal data is being sold from one party to another.

The whole shadow business is called data brokerages including big giants: Facebook, Google & Amazon. They have free hand: From collecting user data to selling third-parties. If data breach happens, They are not accountable at all. For the data brokers, Data breaches in their database does not matter because they know their data is not a secret. They have already sold many times.

Data brokers intrude on the privacy of millions of people by harvesting and monetizing their personal information without their knowledge or consent. Worse, many data brokers fail to securely store this sensitive information, predictably leading to data breaches (likeEquifax) that put millions of people at risk of identity theft, stalking, and other harms for years to come.


List of major data brokerages

But, Time is changing & now world is waking up on data privacy & un-ethical practices. Also, Making data brokerages accountable. One of the recent example apart from GDPR law is Vermont’s New Data Privacy Law

What Vermont’s Law Does

Vermont’s new data privacy law seeks to protect consumers from data brokers through four important mechanisms.

Transparency. Data brokers must annually register with the state. When doing so, they must disclose whether consumers may opt-out of data collection, retention, or sale, and if so, how they may do so. A data broker must also disclose whether it has a process to credential its purchasers, and its number of security breaches.

Duty to secure data. Data brokers must adopt comprehensive data security programs with administrative, technical, and physical safeguards.

No fraudulent collection. Data brokers may not collect personal information by fraudulent means, or for the purpose of harassment or discrimination.

Free credit freezes. Credit freezes are an important way for consumers to protect themselves from the fallout of a data breach. Many businesses will not extend credit absent a report from a credit reporting agency, and a credit freeze bars these agencies from issuing a report until a consumer lifts the freeze when they actually want credit. Vermont already empowered consumers to use credit freezes to protect themselves from credit fraud. The new Vermont law bars credit agencies from charging consumers fees for this protection.

Reference

https://www.eff.org/deeplinks/2018/09/vermonts-new-data-privacy-law

CyberSecurity: Why every app needs to know your location?

Just a few days back, Me & my friend was planning to go to Chipotle for Lunch. We both love Chipotle. We have been to Chipotle before. Just a few months back & Restaurant was little bit far away. So I asked him to go near by this time. While we were discussing, we both try to search the same Chipotle nearby. Interesting, For me Google shows nearby but for my friend, It shows up 15 KM away. Same google search.

He asked me why does google not show chipotle near by? The interesting thing is google didn’t show Chipotle which is near to us but showing the results where we have been before. It is not about search. It is about your location data. Google knows where your are & Where you have been before?
The truth is Google track your location even if you are offline.

So, What’s the big deal of Location Data?

Well, Applications have all your data. Very very sensitive data your health records, your home address & every details about you. Apps have penetrated successful in life & collected your data that we have come to the situation where apps know more about you than you know about yourself. Experts call it surveillance economy.

But question is Why is location data have more security concern? Isn’t like any other data? Well, Yes it is important because Home address, email etc are one & permanent address & do not change frequently. You can be out of home & close email etc. However, Keep an eye on location data means Someone following you wherever you go & you can’t stop them. Your smartphone is a spy device & you are carrying willingly allowing apps to track you.

Cyber experts always say the privacy isn’t something you own it or controlled it. However, If some app actually needs it then it makes sense. For example, If I want to take a cab. I wish to get my location by Uber or Lyft automatically. However, These apps should not track my location all the time. My location data would be used for commercial as well & This is perfectly alright up-to some extent.

However, torch, Health apps, photo scanner etc trying to collect your location data does not make sense.

Why these apps know about location?

It’s all about showing relevant content & ads to the users. And, One of the reason is that companies like Apple, Facebook, Amazon & Google are trying to reduce the gaps between offline & online world. Let’s if Google knows what kind of stores you have been visiting & same data shared with Amazon. They can target you & show personalized content, offer etc.

If weather apps can share your location data with facebook or other restaurants & facebook can start showing up ads accordingly. In general, Fee apps (Nothing is free as such) are more aggressive in collecting data & selling to companies like Facebook, Amazon etc.

How to put safety guards?

Android & iOS both operating systems supports apps level permission & settings. iOs devices have easy settings where user can modify apps behaviour & allow to collect location data when you are using it.

Google does have guide to change the apps permission.

https://support.google.com/android/answer/6179507